admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:03:36 +00:00
parent 9f4027283e
commit af082856bd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 2826 additions and 2826 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2004/1xxx/CVE-2004-1351.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1351", "ID": "CVE-2004-1351",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "57659", "description_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57659-1&searchclause=%22category:security%22%20%22availability,%20security%22" "lang": "eng",
}, "value": "Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code."
{ }
"name" : "ESB-2004.0759", ]
"refsource" : "AUSCERT", },
"url" : "http://www.auscert.org.au/render.html?it=4597" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "P-050", "description": [
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/p-050.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:592", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A592" ]
}, },
{ "references": {
"name" : "solaris-inrwhod-command-execution(18385)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18385" "name": "oval:org.mitre.oval:def:592",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A592"
"name" : "11840", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11840" "name": "11840",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/11840"
} },
} {
"name": "solaris-inrwhod-command-execution(18385)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18385"
},
{
"name": "57659",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57659-1&searchclause=%22category:security%22%20%22availability,%20security%22"
},
{
"name": "P-050",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-050.shtml"
},
{
"name": "ESB-2004.0759",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/render.html?it=4597"
}
]
}
}

150
2004/1xxx/CVE-2004-1498.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1498", "ID": "CVE-2004-1498",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041102 [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109943858026542&w=2" "lang": "eng",
}, "value": "SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter."
{ }
"name" : "http://www.hat-squad.com/en/000077.html", ]
"refsource" : "MISC", },
"url" : "http://www.hat-squad.com/en/000077.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11586", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11586" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "13079", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/13079" ]
} },
] "references": {
} "reference_data": [
} {
"name": "13079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13079"
},
{
"name": "20041102 [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109943858026542&w=2"
},
{
"name": "http://www.hat-squad.com/en/000077.html",
"refsource": "MISC",
"url": "http://www.hat-squad.com/en/000077.html"
},
{
"name": "11586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11586"
}
]
}
}

160
2004/1xxx/CVE-2004-1696.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1696", "ID": "CVE-2004-1696",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040921 Multiple Vulnerabilities In EmuLive Server4", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109577497718374&w=2" "lang": "eng",
}, "value": "EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66."
{ }
"name" : "http://www.gulftech.org/?node=research&article_id=00051-09202004", ]
"refsource" : "MISC", },
"url" : "http://www.gulftech.org/?node=research&article_id=00051-09202004" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11226", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11226" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12616", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/12616" ]
}, },
{ "references": {
"name" : "emulive-tcp-port-dos(17451)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17451" "name": "20040921 Multiple Vulnerabilities In EmuLive Server4",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=109577497718374&w=2"
} },
} {
"name": "http://www.gulftech.org/?node=research&article_id=00051-09202004",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00051-09202004"
},
{
"name": "12616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12616"
},
{
"name": "11226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11226"
},
{
"name": "emulive-tcp-port-dos(17451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17451"
}
]
}
}

160
2004/1xxx/CVE-2004-1802.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1802", "ID": "CVE-2004-1802",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040309 Ghost users in Chat Anywhere 2.72", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107885946220895&w=2" "lang": "eng",
}, "value": "Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page."
{ }
"name" : "http://aluigi.altervista.org/adv/chatany-ghost-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.altervista.org/adv/chatany-ghost-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.lionmax.com/chatanywhere.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.lionmax.com/chatanywhere.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "9823", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/9823" ]
}, },
{ "references": {
"name" : "chat-anywhere-admin-bypass(15416)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15416" "name": "chat-anywhere-admin-bypass(15416)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15416"
} },
} {
"name": "http://aluigi.altervista.org/adv/chatany-ghost-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/chatany-ghost-adv.txt"
},
{
"name": "9823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9823"
},
{
"name": "http://www.lionmax.com/chatanywhere.htm",
"refsource": "CONFIRM",
"url": "http://www.lionmax.com/chatanywhere.htm"
},
{
"name": "20040309 Ghost users in Chat Anywhere 2.72",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107885946220895&w=2"
}
]
}
}

170
2004/2xxx/CVE-2004-2167.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2167", "ID": "CVE-2004-2167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cvs.sourceforge.net/viewcvs.py/latex2rtf/latex2rtf/definitions.c?rev=1.22&view=log", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cvs.sourceforge.net/viewcvs.py/latex2rtf/latex2rtf/definitions.c?rev=1.22&view=log" "lang": "eng",
}, "value": "Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand."
{ }
"name" : "11233", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11233" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10216", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=10216" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1011367", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/alerts/2004/Sep/1011367.html" ]
}, },
{ "references": {
"name" : "latex2rtf-expandmacro-bo(17460)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17460" "name": "1011367",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/alerts/2004/Sep/1011367.html"
"name" : "latex2rtf-multiple-bo(17487)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17487" "name": "latex2rtf-multiple-bo(17487)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17487"
} },
} {
"name": "http://cvs.sourceforge.net/viewcvs.py/latex2rtf/latex2rtf/definitions.c?rev=1.22&view=log",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/latex2rtf/latex2rtf/definitions.c?rev=1.22&view=log"
},
{
"name": "11233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11233"
},
{
"name": "10216",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=10216"
},
{
"name": "latex2rtf-expandmacro-bo(17460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17460"
}
]
}
}

130
2008/2xxx/CVE-2008-2649.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2649", "ID": "CVE-2008-2649",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5715", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5715" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php."
{ }
"name" : "desktoponnet-apppath-file-include(42790)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42790" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5715",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5715"
},
{
"name": "desktoponnet-apppath-file-include(42790)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42790"
}
]
}
}

200
2008/2xxx/CVE-2008-2667.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2667", "ID": "CVE-2008-2667",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[courier-announce] 20080608 courier-authlib 0.60.6 released", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.nabble.com/courier-authlib-0.60.6-released-td17720739.html" "lang": "eng",
}, "value": "SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors."
{ }
"name" : "[courier-users] 20080314 Re: [courier-users] [Fwd: Re: authmysql vs apostrophe]", ]
"refsource" : "MLIST", },
"url" : "http://www.mail-archive.com/courier-users@lists.sourceforge.net/msg31362.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=225407", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=225407" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.courier-mta.org/authlib/changelog.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.courier-mta.org/authlib/changelog.html" ]
}, },
{ "references": {
"name" : "GLSA-200809-05", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200809-05.xml" "name": "[courier-announce] 20080608 courier-authlib 0.60.6 released",
}, "refsource": "MLIST",
{ "url": "http://www.nabble.com/courier-authlib-0.60.6-released-td17720739.html"
"name" : "SUSE-SR:2008:014", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" "name": "30591",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30591"
"name" : "30967", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30967" "name": "opensuse-unspecified-sql-injection(43628)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43628"
"name" : "30591", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30591" "name": "[courier-users] 20080314 Re: [courier-users] [Fwd: Re: authmysql vs apostrophe]",
}, "refsource": "MLIST",
{ "url": "http://www.mail-archive.com/courier-users@lists.sourceforge.net/msg31362.html"
"name" : "opensuse-unspecified-sql-injection(43628)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43628" "name": "http://bugs.gentoo.org/show_bug.cgi?id=225407",
} "refsource": "CONFIRM",
] "url": "http://bugs.gentoo.org/show_bug.cgi?id=225407"
} },
} {
"name": "30967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30967"
},
{
"name": "http://www.courier-mta.org/authlib/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.courier-mta.org/authlib/changelog.html"
},
{
"name": "SUSE-SR:2008:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "GLSA-200809-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-05.xml"
}
]
}
}

150
2008/2xxx/CVE-2008-2913.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2913", "ID": "CVE-2008-2913",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currentpath parameter, in conjunction with certain ... (triple dot) and ..... sequences in the currentfile parameter, to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5822", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5822" "lang": "eng",
}, "value": "Directory traversal vulnerability in func.php in Devalcms 1.4a, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the currentpath parameter, in conjunction with certain ... (triple dot) and ..... sequences in the currentfile parameter, to index.php."
{ }
"name" : "29728", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29728" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30585", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30585" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "devalcms-currentfile-file-include(43116)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43116" ]
} },
] "references": {
} "reference_data": [
} {
"name": "30585",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30585"
},
{
"name": "5822",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5822"
},
{
"name": "29728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29728"
},
{
"name": "devalcms-currentfile-file-include(43116)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43116"
}
]
}
}

200
2008/2xxx/CVE-2008-2926.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2926", "ID": "CVE-2008-2926",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080812 CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495397/100/0/threaded" "lang": "eng",
}, "value": "The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request."
{ }
"name" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30651", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30651" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2339", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2339" ]
}, },
{ "references": {
"name" : "1020658", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020658" "name": "ADV-2008-2339",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2339"
"name" : "1020659", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020659" "name": "1020660",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020660"
"name" : "1020660", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020660" "name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559",
}, "refsource": "CONFIRM",
{ "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559"
"name" : "31434", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31434" "name": "20080812 CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/495397/100/0/threaded"
"name" : "ca-kmxfw-privilege-escalation(44392)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44392" "name": "31434",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31434"
} },
} {
"name": "1020658",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020658"
},
{
"name": "30651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30651"
},
{
"name": "ca-kmxfw-privilege-escalation(44392)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44392"
},
{
"name": "1020659",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020659"
}
]
}
}

250
2008/3xxx/CVE-2008-3068.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3068", "ID": "CVE-2008-3068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080703 Unauthorized reading confirmation from Outlook", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493947/100/0/threaded" "lang": "eng",
}, "value": "Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension."
{ }
"name" : "20080709 Re: Unauthorized reading confirmation from Outlook", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/494101/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt", "description": [
"refsource" : "MISC", {
"url" : "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt", ]
"refsource" : "MISC", }
"url" : "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt" ]
}, },
{ "references": {
"name" : "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt", "reference_data": [
"refsource" : "MISC", {
"url" : "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt" "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt",
}, "refsource": "MISC",
{ "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-003.txt"
"name" : "https://www.cynops.de/techzone/http_over_x509.html", },
"refsource" : "MISC", {
"url" : "https://www.cynops.de/techzone/http_over_x509.html" "name": "3978",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3978"
"name" : "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt", },
"refsource" : "MISC", {
"url" : "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt" "name": "20080709 Re: Unauthorized reading confirmation from Outlook",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/494101/100/0/threaded"
"name" : "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt", },
"refsource" : "MISC", {
"url" : "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt" "name": "28548",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28548"
"name" : "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt", },
"refsource" : "MISC", {
"url" : "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt" "name": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt",
}, "refsource": "MISC",
{ "url": "https://www.klink.name/security/aklink-sa-2008-004-office2007-signatures.txt"
"name" : "28548", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28548" "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt",
}, "refsource": "MISC",
{ "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-002.txt"
"name" : "1019736", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019736" "name": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt",
}, "refsource": "MISC",
{ "url": "https://www.cynops.de/advisories/AKLINK-SA-2008-004.txt"
"name" : "1019738", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019738" "name": "1019736",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019736"
"name" : "1019737", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019737" "name": "1019738",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1019738"
"name" : "3978", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3978" "name": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt",
} "refsource": "MISC",
] "url": "https://www.klink.name/security/aklink-sa-2008-003-live-mail-smime.txt"
} },
} {
"name": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt",
"refsource": "MISC",
"url": "https://www.klink.name/security/aklink-sa-2008-002-outlook-smime.txt"
},
{
"name": "1019737",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019737"
},
{
"name": "https://www.cynops.de/techzone/http_over_x509.html",
"refsource": "MISC",
"url": "https://www.cynops.de/techzone/http_over_x509.html"
},
{
"name": "20080703 Unauthorized reading confirmation from Outlook",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493947/100/0/threaded"
}
]
}
}

270
2008/3xxx/CVE-2008-3139.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3139", "ID": "CVE-2008-3139",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080703 rPSA-2008-0212-1 tshark wireshark", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493882/100/0/threaded" "lang": "eng",
}, "value": "The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error."
{ }
"name" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2008-6440", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" ]
}, },
{ "references": {
"name" : "GLSA-200808-04", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200808-04.xml" "name": "30886",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30886"
"name" : "SUSE-SR:2008:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" "name": "oval:org.mitre.oval:def:14682",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14682"
"name" : "30020", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30020" "name": "SUSE-SR:2008:017",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
"name" : "oval:org.mitre.oval:def:14682", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14682" "name": "wireshark-rtmpt-dos(43517)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43517"
"name" : "1020404", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020404" "name": "30942",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30942"
"name" : "30886", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30886" "name": "FEDORA-2008-6440",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html"
"name" : "30942", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30942" "name": "ADV-2008-1982",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1982/references"
"name" : "31085", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31085" "name": "31687",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31687"
"name" : "ADV-2008-1982", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1982/references" "name": "http://www.wireshark.org/security/wnpa-sec-2008-03.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2008-03.html"
"name" : "31378", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31378" "name": "GLSA-200808-04",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200808-04.xml"
"name" : "31687", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31687" "name": "20080703 rPSA-2008-0212-1 tshark wireshark",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/493882/100/0/threaded"
"name" : "wireshark-rtmpt-dos(43517)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43517" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212",
} "refsource": "CONFIRM",
] "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212"
} },
} {
"name": "30020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30020"
},
{
"name": "31378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31378"
},
{
"name": "1020404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020404"
},
{
"name": "31085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31085"
}
]
}
}

170
2008/3xxx/CVE-2008-3669.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3669", "ID": "CVE-2008-3669",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6165", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6165" "lang": "eng",
}, "value": "SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter."
{ }
"name" : "30445", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30445" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-2256", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2256/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31296", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31296" ]
}, },
{ "references": {
"name" : "4151", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4151" "name": "6165",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/6165"
"name" : "reviewsopinions-comments-sql-injection(44100)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44100" "name": "30445",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/30445"
} },
} {
"name": "ADV-2008-2256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2256/references"
},
{
"name": "4151",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4151"
},
{
"name": "31296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31296"
},
{
"name": "reviewsopinions-comments-sql-injection(44100)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44100"
}
]
}
}

160
2008/3xxx/CVE-2008-3779.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3779", "ID": "CVE-2008-3779",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6294", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6294" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action."
{ }
"name" : "30808", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30808" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31585", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31585" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4184", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4184" ]
}, },
{ "references": {
"name" : "fivestar-index-xss(44637)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44637" "name": "31585",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31585"
} },
} {
"name": "30808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30808"
},
{
"name": "fivestar-index-xss(44637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44637"
},
{
"name": "6294",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6294"
},
{
"name": "4184",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4184"
}
]
}
}

210
2008/3xxx/CVE-2008-3909.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3909", "ID": "CVE-2008-3909",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20080903 django CSRF vuln", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/09/03/4" "lang": "eng",
}, "value": "The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests."
{ }
"name" : "http://www.djangoproject.com/weblog/2008/sep/02/security/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.djangoproject.com/weblog/2008/sep/02/security/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=460966", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=460966" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1640", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2008/dsa-1640" ]
}, },
{ "references": {
"name" : "FEDORA-2008-7288", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00091.html" "name": "31837",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31837"
"name" : "FEDORA-2008-7672", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00131.html" "name": "http://www.djangoproject.com/weblog/2008/sep/02/security/",
}, "refsource": "CONFIRM",
{ "url": "http://www.djangoproject.com/weblog/2008/sep/02/security/"
"name" : "47906", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/47906" "name": "DSA-1640",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1640"
"name" : "31961", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31961" "name": "FEDORA-2008-7288",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00091.html"
"name" : "ADV-2008-2533", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2533" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=460966",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460966"
"name" : "31837", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31837" "name": "ADV-2008-2533",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/2533"
} },
} {
"name": "31961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31961"
},
{
"name": "[oss-security] 20080903 django CSRF vuln",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/03/4"
},
{
"name": "FEDORA-2008-7672",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00131.html"
},
{
"name": "47906",
"refsource": "OSVDB",
"url": "http://osvdb.org/47906"
}
]
}
}

140
2008/6xxx/CVE-2008-6538.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6538", "ID": "CVE-2008-6538",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5298", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5298" "lang": "eng",
}, "value": "DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a direct request to config/add/CfgOptUser."
{ }
"name" : "28426", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28426" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "destar-publisher-security-bypass(41384)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41384" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "destar-publisher-security-bypass(41384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41384"
},
{
"name": "28426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28426"
},
{
"name": "5298",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5298"
}
]
}
}

150
2008/6xxx/CVE-2008-6845.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6845", "ID": "CVE-2008-6845",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081210 [IVIZ-08-011] ClamAV lzh unpacking segmentation fault", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/499078/100/0/threaded" "lang": "eng",
}, "value": "The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file."
{ }
"name" : "http://www.ivizsecurity.com/security-advisory-iviz-sr-08011.html", ]
"refsource" : "MISC", },
"url" : "http://www.ivizsecurity.com/security-advisory-iviz-sr-08011.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32752", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32752" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51963", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/51963" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20081210 [IVIZ-08-011] ClamAV lzh unpacking segmentation fault",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499078/100/0/threaded"
},
{
"name": "32752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32752"
},
{
"name": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08011.html",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/security-advisory-iviz-sr-08011.html"
},
{
"name": "51963",
"refsource": "OSVDB",
"url": "http://osvdb.org/51963"
}
]
}
}

140
2008/7xxx/CVE-2008-7048.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7048", "ID": "CVE-2008-7048",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp. NOTE: these issues might be resultant from XSS in SQL error messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081120 NatterChat 1.12 txtUsername and txtRoomName XSS", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0461.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp. NOTE: these issues might be resultant from XSS in SQL error messages."
{ }
"name" : "51985", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/51985" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "natterchat-register-xss(46768)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46768" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20081120 NatterChat 1.12 txtUsername and txtRoomName XSS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-11/0461.html"
},
{
"name": "51985",
"refsource": "OSVDB",
"url": "http://osvdb.org/51985"
},
{
"name": "natterchat-register-xss(46768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46768"
}
]
}
}

34
2013/2xxx/CVE-2013-2170.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-2170", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-2170",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
} }
] ]
} }
} }

34
2013/2xxx/CVE-2013-2510.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2510", "ID": "CVE-2013-2510",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/2xxx/CVE-2013-2946.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2946", "ID": "CVE-2013-2946",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/11xxx/CVE-2017-11483.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-11483", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-11483",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

180
2017/11xxx/CVE-2017-11541.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11541", "ID": "CVE-2017-11541",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print" "lang": "eng",
}, "value": "tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c."
{ }
"name" : "https://support.apple.com/HT208221", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT208221" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3971", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3971" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201709-23", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201709-23" ]
}, },
{ "references": {
"name" : "RHEA-2018:0705", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHEA-2018:0705" "name": "GLSA-201709-23",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201709-23"
"name" : "99941", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99941" "name": "https://support.apple.com/HT208221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208221"
"name" : "1039307", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039307" "name": "DSA-3971",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3971"
} },
} {
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name": "99941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99941"
},
{
"name": "https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print",
"refsource": "MISC",
"url": "https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print"
},
{
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}
}

34
2017/11xxx/CVE-2017-11710.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11710", "ID": "CVE-2017-11710",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

142
2017/11xxx/CVE-2017-11850.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-11-14T00:00:00", "DATE_PUBLIC": "2017-11-14T00:00:00",
"ID" : "CVE-2017-11850", "ID": "CVE-2017-11850",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Graphics Component", "product_name": "Microsoft Graphics Component",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709." "version_value": "Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka \"Microsoft Graphics Component Information Disclosure Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850" "lang": "eng",
}, "value": "Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka \"Microsoft Graphics Component Information Disclosure Vulnerability\"."
{ }
"name" : "101738", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101738" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039782", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039782" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "101738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101738"
},
{
"name": "1039782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039782"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11850"
}
]
}
}

120
2017/14xxx/CVE-2017-14035.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14035", "ID": "CVE-2017-14035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CrushFTP 8.x before 8.2.0 has a serialization vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crushftp.com/version8.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://crushftp.com/version8.html" "lang": "eng",
} "value": "CrushFTP 8.x before 8.2.0 has a serialization vulnerability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://crushftp.com/version8.html",
"refsource": "CONFIRM",
"url": "https://crushftp.com/version8.html"
}
]
}
}

120
2017/14xxx/CVE-2017-14704.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14704", "ID": "CVE-2017-14704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42773", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42773/" "lang": "eng",
} "value": "Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42773",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42773/"
}
]
}
}

34
2017/15xxx/CVE-2017-15117.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-15117", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-15117",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
} }
] ]
} }
} }

140
2017/15xxx/CVE-2017-15210.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15210", "ID": "CVE-2017-15210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwall.com/lists/oss-security/2017/10/04/9", "description_data": [
"refsource" : "MISC", {
"url" : "http://openwall.com/lists/oss-security/2017/10/04/9" "lang": "eng",
}, "value": "In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user."
{ }
"name" : "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1", ]
"refsource" : "MISC", },
"url" : "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://kanboard.net/news/version-1.0.47", "description": [
"refsource" : "MISC", {
"url" : "https://kanboard.net/news/version-1.0.47" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://openwall.com/lists/oss-security/2017/10/04/9",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/04/9"
},
{
"name": "https://kanboard.net/news/version-1.0.47",
"refsource": "MISC",
"url": "https://kanboard.net/news/version-1.0.47"
},
{
"name": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1",
"refsource": "MISC",
"url": "https://github.com/kanboard/kanboard/commit/7100f6de8a1f566e260b3e65312767e4cde112b1"
}
]
}
}

34
2017/15xxx/CVE-2017-15487.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-15487", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-15487",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

152
2017/8xxx/CVE-2017-8592.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00", "DATE_PUBLIC": "2017-07-11T00:00:00",
"ID" : "CVE-2017-8592", "ID": "CVE-2017-8592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", "product_name": "Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft browsers" "version_value": "Microsoft browsers"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka \"Microsoft Browser Security Feature Bypass\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8592", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8592" "lang": "eng",
}, "value": "Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka \"Microsoft Browser Security Feature Bypass\"."
{ }
"name" : "99396", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99396" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038859", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038859" "lang": "eng",
}, "value": "Security Feature Bypass"
{ }
"name" : "1038860", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038860" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1038860",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038860"
},
{
"name": "1038859",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038859"
},
{
"name": "99396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99396"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8592",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8592"
}
]
}
}

34
2017/8xxx/CVE-2017-8813.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-8813", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-8813",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8831. Reason: This candidate is a duplicate of CVE-2017-8831. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2017-8831 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-8831. Reason: This candidate is a duplicate of CVE-2017-8831. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2017-8831 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

126
2018/1000xxx/CVE-2018-1000161.json
View File

@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-04-06T14:09:26.583532", "DATE_ASSIGNED": "2018-04-06T14:09:26.583532",
"DATE_REQUESTED" : "2018-03-27T14:18:58", "DATE_REQUESTED": "2018-03-27T14:18:58",
"ID" : "CVE-2018-1000161", "ID": "CVE-2018-1000161",
"REQUESTER" : "ocve@wolke7.net", "REQUESTER": "ocve@wolke7.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "nmap", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.49BETA6 through 7.60, up to and including SVN revision 37147" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "nmap" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nmap.org/changelog.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://nmap.org/changelog.html" "lang": "eng",
} "value": "nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nmap.org/changelog.html",
"refsource": "MISC",
"url": "https://nmap.org/changelog.html"
}
]
}
}

34
2018/12xxx/CVE-2018-12022.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12022", "ID": "CVE-2018-12022",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/12xxx/CVE-2018-12030.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12030", "ID": "CVE-2018-12030",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Chevereto Free before 1.0.13 has XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/", "description_data": [
"refsource" : "MISC", {
"url" : "https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/" "lang": "eng",
}, "value": "Chevereto Free before 1.0.13 has XSS."
{ }
"name" : "https://github.com/Chevereto/Chevereto-Free/commit/159daeab6adfe828bd06e6e74f5b647bf9b1bb70", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/Chevereto/Chevereto-Free/commit/159daeab6adfe828bd06e6e74f5b647bf9b1bb70" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/",
"refsource": "MISC",
"url": "https://edricteo.com/chevereto-free-xss-vulnerability-in-version-1.0.12/"
},
{
"name": "https://github.com/Chevereto/Chevereto-Free/commit/159daeab6adfe828bd06e6e74f5b647bf9b1bb70",
"refsource": "CONFIRM",
"url": "https://github.com/Chevereto/Chevereto-Free/commit/159daeab6adfe828bd06e6e74f5b647bf9b1bb70"
}
]
}
}

120
2018/12xxx/CVE-2018-12073.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12073", "ID": "CVE-2018-12073",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def" "lang": "eng",
} "value": "An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this issue (e.g., in combination with a successful XSS, or at an unattended workstation) to change the admin password to an attacker-chosen value without knowing the current password."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def",
"refsource": "MISC",
"url": "https://gist.github.com/freetom/2a446a226d0e98807c8b0c1111ef2def"
}
]
}
}

120
2018/12xxx/CVE-2018-12290.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12290", "ID": "CVE-2018-12290",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Yii2-StateMachine extension v2.x.x for Yii2 has XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.iwantacve.cn/index.php/archives/40/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.iwantacve.cn/index.php/archives/40/" "lang": "eng",
} "value": "The Yii2-StateMachine extension v2.x.x for Yii2 has XSS."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.iwantacve.cn/index.php/archives/40/",
"refsource": "MISC",
"url": "http://www.iwantacve.cn/index.php/archives/40/"
}
]
}
}

120
2018/12xxx/CVE-2018-12314.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12314", "ID": "CVE-2018-12314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the \"file\" and \"folder\" URL parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc" "lang": "eng",
} "value": "Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the \"file\" and \"folder\" URL parameters."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}

34
2018/12xxx/CVE-2018-12555.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-12555", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-12555",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/12xxx/CVE-2018-12629.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12629", "ID": "CVE-2018-12629",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/13xxx/CVE-2018-13615.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13615", "ID": "CVE-2018-13615",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for MJCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for MJCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MJCToken", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MJCToken" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MJCToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MJCToken"
}
]
}
}

130
2018/13xxx/CVE-2018-13630.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13630", "ID": "CVE-2018-13630",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for DoccoinPreICO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DoccoinPreICO", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DoccoinPreICO" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DoccoinPreICO",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/DoccoinPreICO"
}
]
}
}

120
2018/16xxx/CVE-2018-16744.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16744", "ID": "CVE-2018-16744",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty" "lang": "eng",
} "value": "An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty"
}
]
}
}

34
2018/16xxx/CVE-2018-16829.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16829", "ID": "CVE-2018-16829",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/16xxx/CVE-2018-16961.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16961", "ID": "CVE-2018-16961",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/16xxx/CVE-2018-16988.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16988", "ID": "CVE-2018-16988",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4261.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4261", "ID": "CVE-2018-4261",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4594.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4594", "ID": "CVE-2018-4594",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/4xxx/CVE-2018-4852.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "productcert@siemens.com", "ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC" : "2018-07-03T00:00:00", "DATE_PUBLIC": "2018-07-03T00:00:00",
"ID" : "CVE-2018-4852", "ID": "CVE-2018-4852",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SICLOCK TC100, SICLOCK TC400", "product_name": "SICLOCK TC100, SICLOCK TC400",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "SICLOCK TC100 : All versions" "version_value": "SICLOCK TC100 : All versions"
}, },
{ {
"version_value" : "SICLOCK TC400 : All versions" "version_value": "SICLOCK TC400 : All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Siemens AG" "vendor_name": "Siemens AG"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf" "lang": "eng",
}, "value": "A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device."
{ }
"name" : "104672", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104672" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104672"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-197012.pdf"
}
]
}
}

140
2018/4xxx/CVE-2018-4911.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4911", "ID": "CVE-2018-4911",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" "lang": "eng",
}, "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack."
{ }
"name" : "102995", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102995" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040364", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040364" "lang": "eng",
} "value": "Use After Free"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "102995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102995"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
},
{
"name": "1040364",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040364"
}
]
}
}