admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:55:21 +00:00
parent 99e6c01500
commit c8f1c3ec40
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3340 additions and 3286 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2004/0xxx/CVE-2004-0379.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040405 Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108118352303273&w=2"
},
{
"name" : "sharepoint-portal-xss(15729)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sharepoint-portal-xss(15729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15729"
},
{
"name": "20040405 Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108118352303273&w=2"
}
]
}
}

150
2004/0xxx/CVE-2004-0476.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040526 OfficeConnect Remote 812 ADSL Router Telnet Protocol DoS Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=105&type=vulnerabilities"
},
{
"name" : "10419",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10419"
},
{
"name" : "11716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11716"
},
{
"name" : "3com-officeconnect-telnet-bo(16257)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3com-officeconnect-telnet-bo(16257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16257"
},
{
"name": "20040526 OfficeConnect Remote 812 ADSL Router Telnet Protocol DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=105&type=vulnerabilities"
},
{
"name": "11716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11716"
},
{
"name": "10419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10419"
}
]
}
}

130
2004/1xxx/CVE-2004-1273.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a long filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tigger.uic.edu/~jlongs2/holes/greed.txt",
"refsource" : "MISC",
"url" : "http://tigger.uic.edu/~jlongs2/holes/greed.txt"
},
{
"name" : "greed-downloadloop-bo(18633)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18633"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a long filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tigger.uic.edu/~jlongs2/holes/greed.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/greed.txt"
},
{
"name": "greed-downloadloop-bo(18633)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18633"
}
]
}
}

130
2004/1xxx/CVE-2004-1277.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tigger.uic.edu/~jlongs2/holes/iglooftp2.txt",
"refsource" : "MISC",
"url" : "http://tigger.uic.edu/~jlongs2/holes/iglooftp2.txt"
},
{
"name" : "iglooftp-file-overwrite(18561)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iglooftp-file-overwrite(18561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18561"
},
{
"name": "http://tigger.uic.edu/~jlongs2/holes/iglooftp2.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/iglooftp2.txt"
}
]
}
}

150
2004/1xxx/CVE-2004-1521.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mail message that contains base64 or quoted-printable encoded attachments, which makes it easier for remote attackers to read arbitrary files via spoofed \"Converted\" headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041113 Eudora 6.2 attachment spoof",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110037078519691&w=2"
},
{
"name" : "20041113 Eudora 6.2 attachment spoof",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=110053102601655&w=2"
},
{
"name" : "http://packetstormsecurity.nl/0411-exploits/eudora62014.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.nl/0411-exploits/eudora62014.txt"
},
{
"name" : "eudora-base64-attach-spoof-variant(18064)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18064"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mail message that contains base64 or quoted-printable encoded attachments, which makes it easier for remote attackers to read arbitrary files via spoofed \"Converted\" headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041113 Eudora 6.2 attachment spoof",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=110053102601655&w=2"
},
{
"name": "eudora-base64-attach-spoof-variant(18064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18064"
},
{
"name": "20041113 Eudora 6.2 attachment spoof",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110037078519691&w=2"
},
{
"name": "http://packetstormsecurity.nl/0411-exploits/eudora62014.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.nl/0411-exploits/eudora62014.txt"
}
]
}
}

160
2004/1xxx/CVE-2004-1572.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041001 Multiple Vulnerabilities in AJ-Fork",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109664986210763&w=2"
},
{
"name" : "http://echo.or.id/adv/adv07-y3dips-2004.txt",
"refsource" : "MISC",
"url" : "http://echo.or.id/adv/adv07-y3dips-2004.txt"
},
{
"name" : "11301",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11301"
},
{
"name" : "1011484",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011484"
},
{
"name" : "af-fork-directory-disclosure(17569)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11301"
},
{
"name": "1011484",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011484"
},
{
"name": "af-fork-directory-disclosure(17569)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17569"
},
{
"name": "http://echo.or.id/adv/adv07-y3dips-2004.txt",
"refsource": "MISC",
"url": "http://echo.or.id/adv/adv07-y3dips-2004.txt"
},
{
"name": "20041001 Multiple Vulnerabilities in AJ-Fork",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109664986210763&w=2"
}
]
}
}

180
2004/1xxx/CVE-2004-1606.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1606",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041018 Multiple vulnerabilities in Sage Saleslogix",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109811852218478&w=2"
},
{
"name" : "20041018 Multiple vulnerabilities in Sage Saleslogix",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html"
},
{
"name" : "11450",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11450"
},
{
"name" : "10943",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10943"
},
{
"name" : "1011769",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011769"
},
{
"name" : "12883",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12883"
},
{
"name" : "saleslogix-info-disclosure(17750)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17750"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "saleslogix-info-disclosure(17750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17750"
},
{
"name": "10943",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10943"
},
{
"name": "12883",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12883"
},
{
"name": "20041018 Multiple vulnerabilities in Sage Saleslogix",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109811852218478&w=2"
},
{
"name": "1011769",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011769"
},
{
"name": "11450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11450"
},
{
"name": "20041018 Multiple vulnerabilities in Sage Saleslogix",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0661.html"
}
]
}
}

170
2004/1xxx/CVE-2004-1985.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108360247732014&w=2"
},
{
"name" : "http://www.waraxe.us/index.php?modname=sa&id=26",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/index.php?modname=sa&id=26"
},
{
"name" : "10253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10253"
},
{
"name" : "5757",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5757"
},
{
"name" : "11524",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11524"
},
{
"name" : "coppermine-menuincpho-xss(16040)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108360247732014&w=2"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa&id=26",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa&id=26"
},
{
"name": "coppermine-menuincpho-xss(16040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16040"
},
{
"name": "5757",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5757"
},
{
"name": "10253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10253"
},
{
"name": "11524",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11524"
}
]
}
}

150
2004/2xxx/CVE-2004-2242.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://phorum.org/cvs-changelog-5.txt",
"refsource" : "MISC",
"url" : "http://phorum.org/cvs-changelog-5.txt"
},
{
"name" : "10822",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10822"
},
{
"name" : "1010787",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1010787"
},
{
"name" : "phorum-searchphp-xss(16831)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16831"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1010787",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010787"
},
{
"name": "10822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10822"
},
{
"name": "http://phorum.org/cvs-changelog-5.txt",
"refsource": "MISC",
"url": "http://phorum.org/cvs-changelog-5.txt"
},
{
"name": "phorum-searchphp-xss(16831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16831"
}
]
}
}

160
2004/2xxx/CVE-2004-2323.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2323",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040128 Dotnetnuke Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html"
},
{
"name" : "9518",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9518"
},
{
"name" : "3749",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3749"
},
{
"name" : "10747",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10747"
},
{
"name" : "dotnetnuke-get-information-disclosure(14972)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10747"
},
{
"name": "3749",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3749"
},
{
"name": "9518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9518"
},
{
"name": "20040128 Dotnetnuke Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html"
},
{
"name": "dotnetnuke-get-information-disclosure(14972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14972"
}
]
}
}

150
2004/2xxx/CVE-2004-2438.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "11296",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11296"
},
{
"name" : "10439",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10439"
},
{
"name" : "12686",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12686/"
},
{
"name" : "phpfusion-submit-xss(17548)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17548"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10439",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10439"
},
{
"name": "phpfusion-submit-xss(17548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17548"
},
{
"name": "11296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11296"
},
{
"name": "12686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12686/"
}
]
}
}

200
2008/2xxx/CVE-2008-2622.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, and CVE-2008-2621."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name" : "ADV-2008-2115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2115"
},
{
"name" : "ADV-2008-2109",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2109/references"
},
{
"name" : "1020497",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020497"
},
{
"name" : "31113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31113"
},
{
"name" : "31087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31087"
},
{
"name" : "oracle-peoplesoft-peoptools-priv-escalation2(43817)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43817"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, and CVE-2008-2621."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
},
{
"name": "ADV-2008-2115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2115"
},
{
"name": "oracle-peoplesoft-peoptools-priv-escalation2(43817)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43817"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name": "1020497",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020497"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name": "ADV-2008-2109",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2109/references"
},
{
"name": "31087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31087"
},
{
"name": "31113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31113"
}
]
}
}

150
2008/2xxx/CVE-2008-2882.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5895",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5895"
},
{
"name" : "30787",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30787"
},
{
"name" : "3962",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3962"
},
{
"name" : "shibbyshop-upgrade-urun-unauth-access(43296)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "upgrade.asp in sHibby sHop 2.2 and earlier does not require administrative authentication, which allows remote attackers to update a file or have unspecified other impact via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30787"
},
{
"name": "5895",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5895"
},
{
"name": "shibbyshop-upgrade-urun-unauth-access(43296)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43296"
},
{
"name": "3962",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3962"
}
]
}
}

140
2008/2xxx/CVE-2008-2984.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5905",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5905"
},
{
"name" : "29891",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29891"
},
{
"name" : "cmreamscms-umleitung-xss(43266)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43266"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29891"
},
{
"name": "5905",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5905"
},
{
"name": "cmreamscms-umleitung-xss(43266)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43266"
}
]
}
}

34
2008/3xxx/CVE-2008-3017.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3017",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-3017",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}

220
2008/3xxx/CVE-2008-3274.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git;a=commit;h=9932887f2af38b9701efec27707648c026ec445c",
"refsource" : "CONFIRM",
"url" : "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git;a=commit;h=9932887f2af38b9701efec27707648c026ec445c"
},
{
"name" : "http://www.freeipa.org/page/CVE-2008-3274",
"refsource" : "CONFIRM",
"url" : "http://www.freeipa.org/page/CVE-2008-3274"
},
{
"name" : "http://www.freeipa.org/page/Downloads",
"refsource" : "CONFIRM",
"url" : "http://www.freeipa.org/page/Downloads"
},
{
"name" : "http://www.freeipa.org/page/News",
"refsource" : "CONFIRM",
"url" : "http://www.freeipa.org/page/News"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=457835",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
},
{
"name" : "FEDORA-2008-7987",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html"
},
{
"name" : "FEDORA-2008-8003",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html"
},
{
"name" : "RHSA-2008:0860",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0860.html"
},
{
"name" : "31111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31111"
},
{
"name" : "1020850",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020850"
},
{
"name" : "31861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31861"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA before 1.1.1 places ldap:///anyone on the read ACL for the krbMKey attribute, which allows remote attackers to obtain the Kerberos master key via an anonymous LDAP query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-7987",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00733.html"
},
{
"name": "FEDORA-2008-8003",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00743.html"
},
{
"name": "31111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31111"
},
{
"name": "http://www.freeipa.org/page/News",
"refsource": "CONFIRM",
"url": "http://www.freeipa.org/page/News"
},
{
"name": "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git;a=commit;h=9932887f2af38b9701efec27707648c026ec445c",
"refsource": "CONFIRM",
"url": "http://git.fedorahosted.org/git/freeipa.git/?p=freeipa.git;a=commit;h=9932887f2af38b9701efec27707648c026ec445c"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=457835",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457835"
},
{
"name": "http://www.freeipa.org/page/CVE-2008-3274",
"refsource": "CONFIRM",
"url": "http://www.freeipa.org/page/CVE-2008-3274"
},
{
"name": "1020850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020850"
},
{
"name": "31861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31861"
},
{
"name": "RHSA-2008:0860",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0860.html"
},
{
"name": "http://www.freeipa.org/page/Downloads",
"refsource": "CONFIRM",
"url": "http://www.freeipa.org/page/Downloads"
}
]
}
}

160
2008/3xxx/CVE-2008-3303.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6073",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6073"
},
{
"name" : "30225",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30225"
},
{
"name" : "31054",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31054"
},
{
"name" : "4036",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4036"
},
{
"name" : "bilboblog-login-auth-bypass(43762)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43762"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, allows remote attackers to bypass authentication and obtain administrative access via a direct request that sets the login, admin_login, password, and admin_passwd parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31054"
},
{
"name": "6073",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6073"
},
{
"name": "30225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30225"
},
{
"name": "bilboblog-login-auth-bypass(43762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43762"
},
{
"name": "4036",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4036"
}
]
}
}

150
2008/3xxx/CVE-2008-3310.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6119",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6119"
},
{
"name" : "31187",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31187"
},
{
"name" : "4039",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4039"
},
{
"name" : "presurveypoll-default-sql-injection(43956)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43956"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4039",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4039"
},
{
"name": "presurveypoll-default-sql-injection(43956)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43956"
},
{
"name": "6119",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6119"
},
{
"name": "31187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31187"
}
]
}
}

150
2008/6xxx/CVE-2008-6084.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6803",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6803"
},
{
"name" : "31873",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31873"
},
{
"name" : "32380",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32380"
},
{
"name" : "iammasimplegallery-upload-file-upload(46041)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46041"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31873"
},
{
"name": "6803",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6803"
},
{
"name": "32380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32380"
},
{
"name": "iammasimplegallery-upload-file-upload(46041)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46041"
}
]
}
}

150
2008/6xxx/CVE-2008-6144.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"name" : "ADV-2008-3502",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3502"
},
{
"name" : "33254",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33254"
},
{
"name": "ADV-2008-3502",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3502"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-2"
},
{
"name": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/wec_discussion/1.7.1"
}
]
}
}

180
2008/6xxx/CVE-2008-6886.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081125 RSA EnVision Remote Password Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=122765140110581&w=2"
},
{
"name" : "http://www.secfault.org/?p=78",
"refsource" : "MISC",
"url" : "http://www.secfault.org/?p=78"
},
{
"name" : "32473",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32473"
},
{
"name" : "50273",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50273"
},
{
"name" : "32883",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32883"
},
{
"name" : "ADV-2008-3288",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3288"
},
{
"name" : "envision-webconsole-info-disclosure(46884)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081125 RSA EnVision Remote Password Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=122765140110581&w=2"
},
{
"name": "http://www.secfault.org/?p=78",
"refsource": "MISC",
"url": "http://www.secfault.org/?p=78"
},
{
"name": "50273",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50273"
},
{
"name": "32473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32473"
},
{
"name": "32883",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32883"
},
{
"name": "envision-webconsole-info-disclosure(46884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46884"
},
{
"name": "ADV-2008-3288",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3288"
}
]
}
}

34
2013/2xxx/CVE-2013-2521.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2521",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2521",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2017/11xxx/CVE-2017-11080.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00",
"ID" : "CVE-2017-11080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Configuration Vulnerability in Boot"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-11080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configuration Vulnerability in Boot"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
}

34
2017/11xxx/CVE-2017-11477.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11477",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11477",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2017/11xxx/CVE-2017-11523.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11523",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/869210",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/869210"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/591",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/591"
},
{
"name" : "DSA-4019",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4019"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078"
},
{
"name": "https://bugs.debian.org/869210",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/869210"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/591",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/591"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78"
},
{
"name": "DSA-4019",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4019"
}
]
}
}

130
2017/11xxx/CVE-2017-11663.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42433",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42433/"
},
{
"name" : "20170808 wildmidi multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Aug/12"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42433",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42433/"
},
{
"name": "20170808 wildmidi multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/12"
}
]
}
}

142
2017/11xxx/CVE-2017-11824.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00",
"ID" : "CVE-2017-11824",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Graphics Component",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles objects in memory, aka \"Windows Graphics Component Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Graphics Component",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11824",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11824"
},
{
"name" : "101099",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101099"
},
{
"name" : "1039536",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039536"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles objects in memory, aka \"Windows Graphics Component Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101099"
},
{
"name": "1039536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039536"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11824",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11824"
}
]
}
}

120
2017/14xxx/CVE-2017-14287.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14287",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14287",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14287"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14287",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14287"
}
]
}
}

130
2017/14xxx/CVE-2017-14344.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42665",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42665/"
},
{
"name" : "http://srcincite.io/advisories/src-2017-0027/",
"refsource" : "MISC",
"url" : "http://srcincite.io/advisories/src-2017-0027/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42665",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42665/"
},
{
"name": "http://srcincite.io/advisories/src-2017-0027/",
"refsource": "MISC",
"url": "http://srcincite.io/advisories/src-2017-0027/"
}
]
}
}

132
2017/14xxx/CVE-2017-14872.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-06-05T00:00:00",
"ID" : "CVE-2017-14872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Possible buffer overread while flashing meta image"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-06-05T00:00:00",
"ID": "CVE-2017-14872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components"
},
{
"name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=1daa83baa41d1e6291e89f69e6487695b6890c01",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=1daa83baa41d1e6291e89f69e6487695b6890c01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Possible buffer overread while flashing meta image"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components"
},
{
"name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=1daa83baa41d1e6291e89f69e6487695b6890c01",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=1daa83baa41d1e6291e89f69e6487695b6890c01"
}
]
}
}

130
2017/15xxx/CVE-2017-15359.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: \"/api/RecordingList/DownloadRecord?file=\" and \"/api/SupportInfo?file=\" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42991",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42991/"
},
{
"name" : "20171016 [CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Oct/37"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: \"/api/RecordingList/DownloadRecord?file=\" and \"/api/SupportInfo?file=\" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20171016 [CVE-2017-15359] 3CX Phone System - Authenticated Directory Traversal",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Oct/37"
},
{
"name": "42991",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42991/"
}
]
}
}

140
2017/15xxx/CVE-2017-15377.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181204 [SECURITY] [DLA 1603-1] suricata security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html"
},
{
"name" : "https://github.com/OISF/suricata/pull/2680/commits/47afc577ff763150f9b47f10331f5ef9eb847a57",
"refsource" : "MISC",
"url" : "https://github.com/OISF/suricata/pull/2680/commits/47afc577ff763150f9b47f10331f5ef9eb847a57"
},
{
"name" : "https://redmine.openinfosecfoundation.org/issues/2231",
"refsource" : "MISC",
"url" : "https://redmine.openinfosecfoundation.org/issues/2231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181204 [SECURITY] [DLA 1603-1] suricata security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00000.html"
},
{
"name": "https://github.com/OISF/suricata/pull/2680/commits/47afc577ff763150f9b47f10331f5ef9eb847a57",
"refsource": "MISC",
"url": "https://github.com/OISF/suricata/pull/2680/commits/47afc577ff763150f9b47f10331f5ef9eb847a57"
},
{
"name": "https://redmine.openinfosecfoundation.org/issues/2231",
"refsource": "MISC",
"url": "https://redmine.openinfosecfoundation.org/issues/2231"
}
]
}
}

34
2017/15xxx/CVE-2017-15556.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15556",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15556",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

130
2017/15xxx/CVE-2017-15648.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phpsugar.com/blog/2017/10/php-melody-v2-7-3-maintenance-release/",
"refsource" : "MISC",
"url" : "http://www.phpsugar.com/blog/2017/10/php-melody-v2-7-3-maintenance-release/"
},
{
"name" : "https://blogs.securiteam.com/index.php/archives/3464",
"refsource" : "MISC",
"url" : "https://blogs.securiteam.com/index.php/archives/3464"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phpsugar.com/blog/2017/10/php-melody-v2-7-3-maintenance-release/",
"refsource": "MISC",
"url": "http://www.phpsugar.com/blog/2017/10/php-melody-v2-7-3-maintenance-release/"
},
{
"name": "https://blogs.securiteam.com/index.php/archives/3464",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3464"
}
]
}
}

120
2017/15xxx/CVE-2017-15784.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an \"Illegal Instruction Violation starting at xnview+0x0000000000370074.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an \"Illegal Instruction Violation starting at xnview+0x0000000000370074.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15784"
}
]
}
}

34
2017/15xxx/CVE-2017-15915.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15915",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15915",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

152
2017/8xxx/CVE-2017-8601.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Edge"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "Microsoft Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42479",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42479/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8601",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8601"
},
{
"name" : "99420",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99420"
},
{
"name" : "1038849",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038849"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8598 and CVE-2017-8609."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8601",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8601"
},
{
"name": "1038849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038849"
},
{
"name": "99420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99420"
},
{
"name": "42479",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42479/"
}
]
}
}

34
2017/8xxx/CVE-2017-8698.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8698",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8698",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

146
2018/1000xxx/CVE-2018-1000222.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-08-02T16:41:53.512430",
"DATE_REQUESTED" : "2018-07-29T15:06:35",
"ID" : "CVE-2018-1000222",
"REQUESTER" : "solmaz.salimi@sharif.edu",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Libgd",
"version" : {
"version_data" : [
{
"version_value" : "2.2.5"
}
]
}
}
]
},
"vendor_name" : "Libgd"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Double Free Vulnerability "
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-02T16:41:53.512430",
"DATE_REQUESTED": "2018-07-29T15:06:35",
"ID": "CVE-2018-1000222",
"REQUESTER": "solmaz.salimi@sharif.edu",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
},
{
"name" : "https://github.com/libgd/libgd/issues/447",
"refsource" : "CONFIRM",
"url" : "https://github.com/libgd/libgd/issues/447"
},
{
"name" : "USN-3755-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3755-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Libgd version 2.2.5 contains a Double Free Vulnerability vulnerability in gdImageBmpPtr Function that can result in Remote Code Execution . This attack appear to be exploitable via Specially Crafted Jpeg Image can trigger double free. This vulnerability appears to have been fixed in after commit ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libgd/libgd/issues/447",
"refsource": "CONFIRM",
"url": "https://github.com/libgd/libgd/issues/447"
},
{
"name": "USN-3755-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3755-1/"
},
{
"name": "[debian-lts-announce] 20190130 [SECURITY] [DLA 1651-1] libgd2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000855.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-05T14:18:48.093768",
"DATE_REQUESTED" : "2018-11-19T08:38:18",
"ID" : "CVE-2018-1000855",
"REQUESTER" : "rosa@basecamp.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "easymon",
"version" : {
"version_data" : [
{
"version_value" : "1.4 and earlier"
}
]
}
}
]
},
"vendor_name" : "easymon"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Can be used to steal cookies, depending on the cookie settings.. This attack appear to be exploitable via The victim must click on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-12-05T14:18:48.093768",
"DATE_REQUESTED": "2018-11-19T08:38:18",
"ID": "CVE-2018-1000855",
"REQUESTER": "rosa@basecamp.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/basecamp/easymon/issues/26",
"refsource" : "MISC",
"url" : "https://github.com/basecamp/easymon/issues/26"
},
{
"name" : "https://github.com/basecamp/easymon/pull/25",
"refsource" : "MISC",
"url" : "https://github.com/basecamp/easymon/pull/25"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Can be used to steal cookies, depending on the cookie settings.. This attack appear to be exploitable via The victim must click on a crafted URL that contains the XSS payload. This vulnerability appears to have been fixed in 1.4.1 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/basecamp/easymon/pull/25",
"refsource": "MISC",
"url": "https://github.com/basecamp/easymon/pull/25"
},
{
"name": "https://github.com/basecamp/easymon/issues/26",
"refsource": "MISC",
"url": "https://github.com/basecamp/easymon/issues/26"
}
]
}
}

150
2018/12xxx/CVE-2018-12066.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bird.network.cz",
"refsource" : "CONFIRM",
"url" : "http://bird.network.cz"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900967",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900967"
},
{
"name" : "https://gitlab.labs.nic.cz/labs/bird/blob/v1.6.4/NEWS#L11",
"refsource" : "CONFIRM",
"url" : "https://gitlab.labs.nic.cz/labs/bird/blob/v1.6.4/NEWS#L11"
},
{
"name" : "https://gitlab.labs.nic.cz/labs/bird/commit/e8bc64e308586b6502090da2775af84cd760ed0d",
"refsource" : "CONFIRM",
"url" : "https://gitlab.labs.nic.cz/labs/bird/commit/e8bc64e308586b6502090da2775af84cd760ed0d"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.labs.nic.cz/labs/bird/blob/v1.6.4/NEWS#L11",
"refsource": "CONFIRM",
"url": "https://gitlab.labs.nic.cz/labs/bird/blob/v1.6.4/NEWS#L11"
},
{
"name": "https://gitlab.labs.nic.cz/labs/bird/commit/e8bc64e308586b6502090da2775af84cd760ed0d",
"refsource": "CONFIRM",
"url": "https://gitlab.labs.nic.cz/labs/bird/commit/e8bc64e308586b6502090da2775af84cd760ed0d"
},
{
"name": "http://bird.network.cz",
"refsource": "CONFIRM",
"url": "http://bird.network.cz"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900967",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900967"
}
]
}
}

122
2018/12xxx/CVE-2018-12202.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2019-03-12T00:00:00",
"ID" : "CVE-2018-12202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel Platform Sample / Silicon Reference firmware",
"version" : {
"version_data" : [
{
"version_value" : "Multiple versions."
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2019-03-12T00:00:00",
"ID": "CVE-2018-12202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Platform Sample / Silicon Reference firmware",
"version": {
"version_data": [
{
"version_value": "Multiple versions."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00191.html"
}
]
}
}

120
2018/12xxx/CVE-2018-12438.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"refsource" : "MISC",
"url" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
}
]
}
}

34
2018/12xxx/CVE-2018-12616.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12616",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12616",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/13xxx/CVE-2018-13537.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit"
}
]
}
}

130
2018/13xxx/CVE-2018-13582.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/My2Token",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/My2Token"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for My2Token, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/My2Token",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/My2Token"
}
]
}
}

130
2018/13xxx/CVE-2018-13674.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ComBillAdvancedToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ComBillAdvancedToken"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for ComBillAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ComBillAdvancedToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ComBillAdvancedToken"
}
]
}
}

34
2018/16xxx/CVE-2018-16360.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16360",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16360",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/16xxx/CVE-2018-16486.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2018-16486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "defaults-deep",
"version" : {
"version_data" : [
{
"version_value" : "<=0.2.4"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-16486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "defaults-deep",
"version": {
"version_data": [
{
"version_value": "<=0.2.4"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/380878",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/380878"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/380878",
"refsource": "MISC",
"url": "https://hackerone.com/reports/380878"
}
]
}
}

34
2018/16xxx/CVE-2018-16748.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16748",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16748",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/16xxx/CVE-2018-16918.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16918",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16918",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

58
2018/19xxx/CVE-2018-19525.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19525",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Systrome ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. There is CSRF via /ui/?g=obj_keywords_add and /ui/?g=obj_keywords_addsave with resultant XSS because of a lack of csrf token validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151647/SYSTORME-ISG-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151647/SYSTORME-ISG-Cross-Site-Request-Forgery.html"
},
{
"url": "http://breakthesec.com",
"refsource": "MISC",
"name": "http://breakthesec.com"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Feb/31",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Feb/31"
}
]
}

34
2018/4xxx/CVE-2018-4328.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4328",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4328",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4352.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4352",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4352",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4457.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4457",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4457",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4798.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4798",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4798",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/4xxx/CVE-2018-4984.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name" : "104172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104172"
},
{
"name" : "1040920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040920"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104172"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name": "1040920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040920"
}
]
}
}