admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:50:44 +00:00
parent 81057c5dc4
commit d5a4a8af6c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3478 additions and 3478 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
2004/0xxx/CVE-2004-0018.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0018", "ID": "CVE-2004-0018",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2004/0xxx/CVE-2004-0120.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0120", "ID": "CVE-2004-0120",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS04-011", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011" "lang": "eng",
}, "value": "The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages."
{ }
"name" : "TA04-104A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#150236", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/150236" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "O-114", ]
"refsource" : "CIAC", }
"url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml" ]
}, },
{ "references": {
"name" : "10115", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10115" "name": "O-114",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/o-114.shtml"
"name" : "oval:org.mitre.oval:def:885", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A885" "name": "VU#150236",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/150236"
"name" : "oval:org.mitre.oval:def:886", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A886" "name": "oval:org.mitre.oval:def:885",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A885"
"name" : "oval:org.mitre.oval:def:892", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A892" "name": "oval:org.mitre.oval:def:886",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A886"
"name" : "ssl-message-dos(15712)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15712" "name": "ssl-message-dos(15712)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15712"
} },
} {
"name": "MS04-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011"
},
{
"name": "oval:org.mitre.oval:def:892",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A892"
},
{
"name": "TA04-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html"
},
{
"name": "10115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10115"
}
]
}
}

34
2004/0xxx/CVE-2004-0973.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2004-0973", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2004-0973",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0457. Reason: This candidate is a reservation duplicate of CVE-2004-0457. Notes: All CVE users should reference CVE-2004-0457 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0457. Reason: This candidate is a reservation duplicate of CVE-2004-0457. Notes: All CVE users should reference CVE-2004-0457 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

160
2004/1xxx/CVE-2004-1229.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1229", "ID": "CVE-2004-1229",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041213 Gadu-Gadu several vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110295777306493&w=2" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410."
{ }
"name" : "http://www.man.poznan.pl/~security/gg-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://www.man.poznan.pl/~security/gg-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11899", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11899" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12517", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/12517" ]
}, },
{ "references": {
"name" : "13450", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13450" "name": "20041213 Gadu-Gadu several vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=110295777306493&w=2"
} },
} {
"name": "12517",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12517"
},
{
"name": "http://www.man.poznan.pl/~security/gg-adv.txt",
"refsource": "MISC",
"url": "http://www.man.poznan.pl/~security/gg-adv.txt"
},
{
"name": "13450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13450"
},
{
"name": "11899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11899"
}
]
}
}

190
2004/1xxx/CVE-2004-1428.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1428", "ID": "CVE-2004-1428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041231 ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110451582011666&w=2" "lang": "eng",
}, "value": "ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames."
{ }
"name" : "http://www.lovebug.org/argosoft_advisory.txt", ]
"refsource" : "MISC", },
"url" : "http://www.lovebug.org/argosoft_advisory.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.argosoft.com/ftpserver/changelist.aspx", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.argosoft.com/ftpserver/changelist.aspx" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12139", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/12139" ]
}, },
{ "references": {
"name" : "11335", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/11335" "name": "argosoft-information-disclosure(18721)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18721"
"name" : "1012744", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1012744" "name": "1012744",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1012744"
"name" : "13063", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13063" "name": "13063",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/13063"
"name" : "argosoft-information-disclosure(18721)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18721" "name": "http://www.lovebug.org/argosoft_advisory.txt",
} "refsource": "MISC",
] "url": "http://www.lovebug.org/argosoft_advisory.txt"
} },
} {
"name": "12139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12139"
},
{
"name": "http://www.argosoft.com/ftpserver/changelist.aspx",
"refsource": "CONFIRM",
"url": "http://www.argosoft.com/ftpserver/changelist.aspx"
},
{
"name": "20041231 ArGoSoft FTP Server reveals valid usernames and allows for brute force attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110451582011666&w=2"
},
{
"name": "11335",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11335"
}
]
}
}

170
2004/1xxx/CVE-2004-1477.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1477", "ID": "CVE-2004-1477",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040923 New Macromedia Security Zone Bulletins Posted", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109621995623823&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session."
{ }
"name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#668206", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/668206" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11245", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/11245" ]
}, },
{ "references": {
"name" : "12638", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12638/" "name": "VU#668206",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/668206"
"name" : "jrun-management-console-xss(17483)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17483" "name": "20040923 New Macromedia Security Zone Bulletins Posted",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=109621995623823&w=2"
} },
} {
"name": "jrun-management-console-xss(17483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17483"
},
{
"name": "11245",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11245"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html"
},
{
"name": "12638",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12638/"
}
]
}
}

220
2004/2xxx/CVE-2004-2669.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2669", "ID": "CVE-2004-2669",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.neocrome.net/page.php?id=1573", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.neocrome.net/page.php?id=1573" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php."
{ }
"name" : "http://www.ptsecurity.ru/advisory.asp", ]
"refsource" : "MISC", },
"url" : "http://www.ptsecurity.ru/advisory.asp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.neocrome.net/index.php?m=single&id=91", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.neocrome.net/index.php?m=single&id=91" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11569", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/11569" ]
}, },
{ "references": {
"name" : "11299", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/11299" "name": "land-down-under-sql-injection(17912)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17912"
"name" : "11300", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/11300" "name": "http://www.neocrome.net/index.php?m=single&id=91",
}, "refsource": "CONFIRM",
{ "url": "http://www.neocrome.net/index.php?m=single&id=91"
"name" : "11301", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/11301" "name": "11300",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/11300"
"name" : "11302", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/11302" "name": "11569",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/11569"
"name" : "1012015", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1012015" "name": "13034",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/13034"
"name" : "13034", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13034" "name": "11299",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/11299"
"name" : "land-down-under-sql-injection(17912)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17912" "name": "11301",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/11301"
} },
} {
"name": "1012015",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012015"
},
{
"name": "http://www.neocrome.net/page.php?id=1573",
"refsource": "MISC",
"url": "http://www.neocrome.net/page.php?id=1573"
},
{
"name": "http://www.ptsecurity.ru/advisory.asp",
"refsource": "MISC",
"url": "http://www.ptsecurity.ru/advisory.asp"
},
{
"name": "11302",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11302"
}
]
}
}

310
2008/2xxx/CVE-2008-2372.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-2372", "ID": "CVE-2008-2372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of \"useless newly zeroed pages.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20080430 Re: Page Faults slower in 2.6.25-rc9 than 2.6.23", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0804.3/3203.html" "lang": "eng",
}, "value": "The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users to cause a denial of service (memory consumption) via a large number of calls to the get_user_pages function, which lacks a ZERO_PAGE optimization and results in allocation of \"useless newly zeroed pages.\""
{ }
"name" : "http://new-ubuntu-news.blogspot.com/2008/06/re-pending-stable-kernel-security_25.html", ]
"refsource" : "MISC", },
"url" : "http://new-ubuntu-news.blogspot.com/2008/06/re-pending-stable-kernel-security_25.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89f5b7da2a6bad2e84670422ab8192382a5aeb9f", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89f5b7da2a6bad2e84670422ab8192382a5aeb9f" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9", ]
"refsource" : "CONFIRM", }
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9" ]
}, },
{ "references": {
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0207"
"name" : "https://issues.rpath.com/browse/RPL-2629", },
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-2629" "name": "32485",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32485"
"name" : "RHSA-2008:0585", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0585.html" "name": "SUSE-SA:2008:038",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html"
"name" : "RHSA-2008:0957", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0957.html" "name": "SUSE-SA:2008:035",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html"
"name" : "SUSE-SA:2008:035", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html" "name": "32393",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32393"
"name" : "SUSE-SA:2008:037", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html" "name": "[linux-kernel] 20080430 Re: Page Faults slower in 2.6.25-rc9 than 2.6.23",
}, "refsource": "MLIST",
{ "url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0804.3/3203.html"
"name" : "SUSE-SA:2008:038", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html" "name": "RHSA-2008:0957",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
"name" : "USN-659-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-659-1" "name": "oval:org.mitre.oval:def:9383",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9383"
"name" : "oval:org.mitre.oval:def:9383", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9383" "name": "30982",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30982"
"name" : "30901", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30901" "name": "USN-659-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-659-1"
"name" : "31202", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31202" "name": "30901",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30901"
"name" : "31628", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31628" "name": "http://new-ubuntu-news.blogspot.com/2008/06/re-pending-stable-kernel-security_25.html",
}, "refsource": "MISC",
{ "url": "http://new-ubuntu-news.blogspot.com/2008/06/re-pending-stable-kernel-security_25.html"
"name" : "32393", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32393" "name": "RHSA-2008:0585",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0585.html"
"name" : "32485", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32485" "name": "SUSE-SA:2008:037",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00009.html"
"name" : "30982", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30982" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89f5b7da2a6bad2e84670422ab8192382a5aeb9f",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89f5b7da2a6bad2e84670422ab8192382a5aeb9f"
"name" : "linux-kernel-getuserpages-dos(43550)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43550" "name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9",
} "refsource": "CONFIRM",
] "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.9"
} },
} {
"name": "https://issues.rpath.com/browse/RPL-2629",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2629"
},
{
"name": "31628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31628"
},
{
"name": "31202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31202"
},
{
"name": "linux-kernel-getuserpages-dos(43550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43550"
}
]
}
}

140
2008/2xxx/CVE-2008-2530.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2530", "ID": "CVE-2008-2530",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5588", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5588" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php."
{ }
"name" : "29145", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29145" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "quickupcms-news-sql-injection(42325)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42325" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "quickupcms-news-sql-injection(42325)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42325"
},
{
"name": "29145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29145"
},
{
"name": "5588",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5588"
}
]
}
}

140
2008/2xxx/CVE-2008-2976.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2976", "ID": "CVE-2008-2976",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5917", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5917" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in TinX/cms 1.1, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) language parameter to (a) include_me.php, (b) admin/ajax.php, and (c) admin/objects/catalog.ajaxhandler.php; and the (2) prefix parameter to (d) admin/inc/config.php."
{ }
"name" : "29907", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29907" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "tinxcms-language-file-include(43305)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43305" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "5917",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5917"
},
{
"name": "tinxcms-language-file-include(43305)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43305"
},
{
"name": "29907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29907"
}
]
}
}

200
2008/3xxx/CVE-2008-3323.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3323", "ID": "CVE-2008-3323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080725 SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/494756/100/0/threaded" "lang": "eng",
}, "value": "setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package."
{ }
"name" : "[cygwin-announce] 20080805 Updated: Setup.exe updated to version 2.573.2.3", ]
"refsource" : "MLIST", },
"url" : "http://cygwin.com/ml/cygwin-announce/2008-08/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=449929", ]
"refsource" : "MISC", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=449929" ]
}, },
{ "references": {
"name" : "30375", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30375" "name": "ADV-2008-2321",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2321"
"name" : "ADV-2008-2321", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2321" "name": "http://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt",
}, "refsource": "MISC",
{ "url": "http://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt"
"name" : "31271", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31271" "name": "cygwin-setup-weak-security(44047)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44047"
"name" : "4051", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4051" "name": "20080725 SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/494756/100/0/threaded"
"name" : "cygwin-setup-weak-security(44047)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44047" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=449929",
} "refsource": "MISC",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=449929"
} },
} {
"name": "30375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30375"
},
{
"name": "4051",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4051"
},
{
"name": "[cygwin-announce] 20080805 Updated: Setup.exe updated to version 2.573.2.3",
"refsource": "MLIST",
"url": "http://cygwin.com/ml/cygwin-announce/2008-08/msg00001.html"
},
{
"name": "31271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31271"
}
]
}
}

160
2008/3xxx/CVE-2008-3355.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3355", "ID": "CVE-2008-3355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6132", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6132" "lang": "eng",
}, "value": "SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action."
{ }
"name" : "30368", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30368" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31234", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31234" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4047", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4047" ]
}, },
{ "references": {
"name" : "cameralife-sitemapxml-sql-injection(43991)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43991" "name": "31234",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31234"
} },
} {
"name": "30368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30368"
},
{
"name": "4047",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4047"
},
{
"name": "6132",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6132"
},
{
"name": "cameralife-sitemapxml-sql-injection(43991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43991"
}
]
}
}

220
2008/3xxx/CVE-2008-3357.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3357", "ID": "CVE-2008-3357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a \"pointer overwrite vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080801 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733" "lang": "eng",
}, "value": "Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a \"pointer overwrite vulnerability.\""
{ }
"name" : "20080806 CA Products That Embed Ingres Multiple Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/495177/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ingres.com/support/security-alert-080108.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.ingres.com/support/security-alert-080108.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989", ]
"refsource" : "CONFIRM", }
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989" ]
}, },
{ "references": {
"name" : "30512", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30512" "name": "1020614",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1020614"
"name" : "ADV-2008-2292", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2292" "name": "http://www.ingres.com/support/security-alert-080108.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.ingres.com/support/security-alert-080108.php"
"name" : "ADV-2008-2313", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2313" "name": "ADV-2008-2292",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2292"
"name" : "1020614", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020614" "name": "20080801 Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability",
}, "refsource": "IDEFENSE",
{ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=733"
"name" : "31357", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31357" "name": "31398",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31398"
"name" : "31398", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31398" "name": "ADV-2008-2313",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2313"
"name" : "ingres-ingvalidpw-code-execution(44181)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44181" "name": "ingres-ingvalidpw-code-execution(44181)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44181"
} },
} {
"name": "31357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31357"
},
{
"name": "20080806 CA Products That Embed Ingres Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495177/100/0/threaded"
},
{
"name": "30512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30512"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989"
}
]
}
}

160
2008/3xxx/CVE-2008-3515.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-3515", "ID": "CVE-2008-3515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb08-17.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb08-17.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516."
{ }
"name" : "30615", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30615" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-2322", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2322" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020645", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1020645" ]
}, },
{ "references": {
"name" : "31432", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31432" "name": "31432",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31432"
} },
} {
"name": "ADV-2008-2322",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2322"
},
{
"name": "30615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30615"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-17.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-17.html"
},
{
"name": "1020645",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020645"
}
]
}
}

170
2008/3xxx/CVE-2008-3598.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3598", "ID": "CVE-2008-3598",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6226", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6226" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php."
{ }
"name" : "30629", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30629" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35500", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/35500" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25041", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/25041/" ]
}, },
{ "references": {
"name" : "4140", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4140" "name": "25041",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/25041/"
"name" : "psipuss-categories-sql-injection(44367)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44367" "name": "psipuss-categories-sql-injection(44367)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44367"
} },
} {
"name": "35500",
"refsource": "OSVDB",
"url": "http://osvdb.org/35500"
},
{
"name": "4140",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4140"
},
{
"name": "6226",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6226"
},
{
"name": "30629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30629"
}
]
}
}

170
2008/3xxx/CVE-2008-3686.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3686", "ID": "CVE-2008-3686",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20080807 OOPS, ip -f inet6 route get fec0::1, linux-2.6.26, ip6_route_output, rt6_fill_node+0x175", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lkml.org/lkml/2008/8/7/230" "lang": "eng",
}, "value": "The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which triggers a NULL pointer dereference."
{ }
"name" : "[linux-kernel] 20080808 Re: OOPS, ip -f inet6 route get fec0::1, linux-2.6.26, ip6_route_output, rt6_fill_node+0x175", ]
"refsource" : "MLIST", },
"url" : "http://lkml.org/lkml/2008/8/8/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2422", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2422" ]
}, },
{ "references": {
"name" : "31579", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31579" "name": "linux-kernel-rt6fillnode-dos(44605)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44605"
"name" : "linux-kernel-rt6fillnode-dos(44605)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44605" "name": "31579",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31579"
} },
} {
"name": "ADV-2008-2422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2422"
},
{
"name": "[linux-kernel] 20080807 OOPS, ip -f inet6 route get fec0::1, linux-2.6.26, ip6_route_output, rt6_fill_node+0x175",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2008/8/7/230"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5e0115e500fe9dd2ca11e6f92db9123204f1327a"
},
{
"name": "[linux-kernel] 20080808 Re: OOPS, ip -f inet6 route get fec0::1, linux-2.6.26, ip6_route_output, rt6_fill_node+0x175",
"refsource": "MLIST",
"url": "http://lkml.org/lkml/2008/8/8/7"
}
]
}
}

230
2008/4xxx/CVE-2008-4279.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4279", "ID": "CVE-2008-4279",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=122331139823057&w=2" "lang": "eng",
}, "value": "The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address."
{ }
"name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/497041/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20081004 VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)", "description": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html" ]
}, },
{ "references": {
"name" : "31569", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31569" "name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=122331139823057&w=2"
"name" : "oval:org.mitre.oval:def:5929", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929" "name": "32157",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32157"
"name" : "ADV-2008-2740", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2740" "name": "20081004 VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-October/064860.html"
"name" : "1020991", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020991" "name": "32179",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32179"
"name" : "32180", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32180" "name": "ADV-2008-2740",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2740"
"name" : "32157", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32157" "name": "32180",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32180"
"name" : "32179", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32179" "name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
"name" : "vmware-esxesxi-jump-privilege-escalation(45668)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45668" "name": "vmware-esxesxi-jump-privilege-escalation(45668)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45668"
} },
} {
"name": "31569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31569"
},
{
"name": "1020991",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020991"
},
{
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:5929",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5929"
}
]
}
}

130
2008/6xxx/CVE-2008-6015.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6015", "ID": "CVE-2008-6015",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "31721", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31721" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "esfaq-search-sql-injection(44979)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44979" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31721"
},
{
"name": "esfaq-search-sql-injection(44979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44979"
}
]
}
}

140
2008/6xxx/CVE-2008-6353.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6353", "ID": "CVE-2008-6353",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7429", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7429" "lang": "eng",
}, "value": "SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter."
{ }
"name" : "32786", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32786" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33128", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33128" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "33128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33128"
},
{
"name": "7429",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7429"
},
{
"name": "32786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32786"
}
]
}
}

180
2013/2xxx/CVE-2013-2005.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2005", "ID": "CVE-2013-2005",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/05/23/3" "lang": "eng",
}, "value": "X.org libXt 1.1.3 and earlier does not check the return value of the XGetWindowProperty function, which allows X servers to trigger use of an uninitialized pointer and memory corruption via vectors related to the (1) ReqCleanup, (2) HandleSelectionEvents, (3) ReqTimedOut, (4) HandleNormal, and (5) HandleSelectionReplies functions."
{ }
"name" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23", ]
"refsource" : "CONFIRM", },
"url" : "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2680", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2680" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2013-9098", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106785.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1008", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00138.html" "name": "FEDORA-2013-9098",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106785.html"
"name" : "USN-1865-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1865-1" "name": "USN-1865-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1865-1"
"name" : "60133", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/60133" "name": "60133",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/60133"
} },
} {
"name": "openSUSE-SU-2013:1008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00138.html"
},
{
"name": "DSA-2680",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2680"
},
{
"name": "[oss-security] 20130523 Fwd: [ANNOUNCE] X.Org Security Advisory: Protocol handling issues in X Window System client libraries",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/23/3"
},
{
"name": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23",
"refsource": "CONFIRM",
"url": "http://www.x.org/wiki/Development/Security/Advisory-2013-05-23"
}
]
}
}

34
2013/2xxx/CVE-2013-2540.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2540", "ID": "CVE-2013-2540",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2013/2xxx/CVE-2013-2733.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-2733", "ID": "CVE-2013-2733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2730."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-15.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2730."
{ }
"name" : "GLSA-201308-03", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:0826", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0826.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2013:0809", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:16592", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16592" "name": "http://www.adobe.com/support/security/bulletins/apsb13-15.html",
} "refsource": "CONFIRM",
] "url": "http://www.adobe.com/support/security/bulletins/apsb13-15.html"
} },
} {
"name": "SUSE-SU-2013:0809",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:16592",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16592"
},
{
"name": "RHSA-2013:0826",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0826.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
}

160
2017/11xxx/CVE-2017-11238.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00", "DATE_PUBLIC": "2017-08-08T00:00:00",
"ID" : "CVE-2017-11238", "ID": "CVE-2017-11238",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Acrobat Reader", "product_name": "Acrobat Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2017.009.20058 and earlier" "version_value": "2017.009.20058 and earlier"
}, },
{ {
"version_value" : "2017.008.30051 and earlier" "version_value": "2017.008.30051 and earlier"
}, },
{ {
"version_value" : "2015.006.30306 and earlier" "version_value": "2015.006.30306 and earlier"
}, },
{ {
"version_value" : "11.0.20 and earlier" "version_value": "11.0.20 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe Systems Incorporated" "vendor_name": "Adobe Systems Incorporated"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" "lang": "eng",
}, "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "100184", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100184" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039098", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039098" "lang": "eng",
} "value": "Memory Corruption"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "100184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100184"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
}
]
}
}

120
2017/11xxx/CVE-2017-11250.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-11250", "ID": "CVE-2017-11250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", "product_name": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" "version_value": "Adobe Acrobat and Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" "lang": "eng",
} "value": "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
}
]
}
}

140
2017/11xxx/CVE-2017-11446.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11446", "ID": "CVE-2017-11446",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadPESImage function in coders\\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/537", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/537" "lang": "eng",
}, "value": "The ReadPESImage function in coders\\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file."
{ }
"name" : "DSA-4019", ]
"refsource" : "DEBIAN", },
"url" : "https://www.debian.org/security/2017/dsa-4019" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99964", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99964" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99964"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/537",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/537"
},
{
"name": "DSA-4019",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4019"
}
]
}
}

34
2017/11xxx/CVE-2017-11689.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11689", "ID": "CVE-2017-11689",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/11xxx/CVE-2017-11928.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11928", "ID": "CVE-2017-11928",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/14xxx/CVE-2017-14138.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14138", "ID": "CVE-2017-14138",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/639", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/639" "lang": "eng",
}, "value": "ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors."
{ }
"name" : "GLSA-201711-07", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201711-07" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201711-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-07"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/639",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/639"
}
]
}
}

120
2017/14xxx/CVE-2017-14271.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14271", "ID": "CVE-2017-14271",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271" "lang": "eng",
} "value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14271"
}
]
}
}

174
2017/14xxx/CVE-2017-14361.json
View File

@ -1,89 +1,89 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@microfocus.com", "ASSIGNER": "security@suse.com",
"DATE_PUBLIC" : "2017-11-17T22:00:00.000Z", "DATE_PUBLIC": "2017-11-17T22:00:00.000Z",
"ID" : "CVE-2017-14361", "ID": "CVE-2017-14361",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities" "TITLE": "MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Project and Portfolio Management Center", "product_name": "Project and Portfolio Management Center",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.32" "version_value": "9.32"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Micro Focus" "vendor_name": "Micro Focus"
} }
]
}
},
"credit" : [
"Micro Focus would like to thank Xiaoran Wang for reporting this issue to security-alert@hpe.com"
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack."
}
]
},
"exploit" : "Man-In-The-Middle attack (MitM)",
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 7.4,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Man-In-The-Middle attack (MitM)"
}
] ]
} }
] },
}, "credit": [
"references" : { "Micro Focus would like to thank Xiaoran Wang for reporting this issue to security-alert@hpe.com"
"reference_data" : [ ],
{ "data_format": "MITRE",
"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426", "data_type": "CVE",
"refsource" : "CONFIRM", "data_version": "4.0",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426" "description": {
}, "description_data": [
{ {
"name" : "1040088", "lang": "eng",
"refsource" : "SECTRACK", "value": "Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack."
"url" : "http://www.securitytracker.com/id/1040088" }
} ]
] },
} "exploit": "Man-In-The-Middle attack (MitM)",
} "impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Man-In-The-Middle attack (MitM)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040088",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040088"
},
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426"
}
]
}
}

34
2017/14xxx/CVE-2017-14368.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14368", "ID": "CVE-2017-14368",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/14xxx/CVE-2017-14405.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14405", "ID": "CVE-2017-14405",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.sstrunk.com/cve/eonweb_module_admin_device_index.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.sstrunk.com/cve/eonweb_module_admin_device_index.html" "lang": "eng",
} "value": "The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sstrunk.com/cve/eonweb_module_admin_device_index.html",
"refsource": "MISC",
"url": "http://www.sstrunk.com/cve/eonweb_module_admin_device_index.html"
}
]
}
}

34
2017/15xxx/CVE-2017-15187.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15187", "ID": "CVE-2017-15187",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2017/15xxx/CVE-2017-15878.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15878", "ID": "CVE-2017-15878",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43054", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43054/" "lang": "eng",
}, "value": "A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature."
{ }
"name" : "http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/", ]
"refsource" : "MISC", },
"url" : "http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html", "description": [
"refsource" : "MISC", {
"url" : "https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/keystonejs/keystone/pull/4478", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/keystonejs/keystone/pull/4478" ]
}, },
{ "references": {
"name" : "101541", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101541" "name": "https://github.com/keystonejs/keystone/pull/4478",
} "refsource": "CONFIRM",
] "url": "https://github.com/keystonejs/keystone/pull/4478"
} },
} {
"name": "101541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101541"
},
{
"name": "43054",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43054/"
},
{
"name": "http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/",
"refsource": "MISC",
"url": "http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/"
},
{
"name": "https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html"
}
]
}
}

122
2017/9xxx/CVE-2017-9315.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@dahuatech.com", "ASSIGNER": "cybersecurity@dahuatech.com",
"DATE_PUBLIC" : "2017-11-10T00:00:00", "DATE_PUBLIC": "2017-11-10T00:00:00",
"ID" : "CVE-2017-9315", "ID": "CVE-2017-9315",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX", "product_name": "Dahua IP Camera and IP PTZ IPC-HFW1XXX, IPC-HDW1XXX, IPC-HDBW1XXX, IPC-HFW2XXX, IPC-HDW2XXX, IPC-HDBW2XXX, IPC-HFW4XXX, IPC-HDW4XXX, IPC-HDBW4XXX, IPC-HF5XXX, IPC-HFW5XXX, IPC-HDW5XXX, IPC-HDBW5XXX, IPC-HF8XXX, IPC-HFW8XXX, IPC-HDBW8XXX, IPC-EBW8XXX, IPC-PFW8xxx, IPC-PDBW8xxx, IPC-HUM8xxx, PSD8xxxx, DH-SD2XXXXX, DH-SD4XXXXX, DH-SD5XXXXX, DH-SD6XXXXX",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions Build between 2015/07 and 2017/03" "version_value": "Versions Build between 2015/07 and 2017/03"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dahua Technologies" "vendor_name": "Dahua Technologies"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "risk of sensitive information leakage"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html" "lang": "eng",
} "value": "Customer of Dahua IP camera or IP PTZ could submit relevant device information to receive a time limited temporary password from Dahua authorized dealer to reset the admin password. The algorithm used in this mechanism is potentially at risk of being compromised and subsequently utilized by attacker."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "risk of sensitive information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html",
"refsource": "CONFIRM",
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--admin-password-recovery-mechanism-in-some-dahua-ip-camera-and-ip-ptz-could-lead-to-security-risk_14731_221.html"
}
]
}
}

34
2017/9xxx/CVE-2017-9738.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9738", "ID": "CVE-2017-9738",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/9xxx/CVE-2017-9888.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9888", "ID": "CVE-2017-9888",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000031a0.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9888", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9888" "lang": "eng",
}, "value": "IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to \"Data from Faulting Address controls Branch Selection starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000031a0.\""
{ }
"name" : "http://www.irfanview.com/plugins.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://www.irfanview.com/plugins.htm" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.irfanview.com/plugins.htm",
"refsource": "CONFIRM",
"url": "http://www.irfanview.com/plugins.htm"
},
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9888",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9888"
}
]
}
}

34
2018/0xxx/CVE-2018-0479.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-0479", "ID": "CVE-2018-0479",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

134
2018/1000xxx/CVE-2018-1000025.json
View File

@ -1,69 +1,69 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "1/16/2018 9:14:14", "DATE_ASSIGNED": "1/16/2018 9:14:14",
"ID" : "CVE-2018-1000025", "ID": "CVE-2018-1000025",
"REQUESTER" : "diego@hernandev.com", "REQUESTER": "diego@hernandev.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firebase Admin SDK for PHP", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "from 3.2.0 to 3.8.0" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jérôme Gamez" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. This attack appear to be exploitable via Attacker would only need to know email address of the victim on most cases.. This vulnerability appears to have been fixed in 3.8.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/kreait/firebase-php/pull/151", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/kreait/firebase-php/pull/151" "lang": "eng",
}, "value": "Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. This attack appear to be exploitable via Attacker would only need to know email address of the victim on most cases.. This vulnerability appears to have been fixed in 3.8.1."
{ }
"name" : "https://github.com/kreait/firebase-php/releases/tag/3.8.1", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/kreait/firebase-php/releases/tag/3.8.1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kreait/firebase-php/releases/tag/3.8.1",
"refsource": "CONFIRM",
"url": "https://github.com/kreait/firebase-php/releases/tag/3.8.1"
},
{
"name": "https://github.com/kreait/firebase-php/pull/151",
"refsource": "CONFIRM",
"url": "https://github.com/kreait/firebase-php/pull/151"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000644.json
View File

@ -1,70 +1,70 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-08-19T17:09:33.137027", "DATE_ASSIGNED": "2018-08-19T17:09:33.137027",
"DATE_REQUESTED" : "2018-08-08T13:07:29", "DATE_REQUESTED": "2018-08-08T13:07:29",
"ID" : "CVE-2018-1000644", "ID": "CVE-2018-1000644",
"REQUESTER" : "sajeeb@0dd.zone", "REQUESTER": "sajeeb@0dd.zone",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RDF4j ", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "< 2.4.0 Milestone 2" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Eclipse " "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://0dd.zone/2018/08/05/rdf4j-XXE/", "description_data": [
"refsource" : "MISC", {
"url" : "https://0dd.zone/2018/08/05/rdf4j-XXE/" "lang": "eng",
}, "value": "Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted RDF file."
{ }
"name" : "https://github.com/eclipse/rdf4j/issues/1056", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/eclipse/rdf4j/issues/1056" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/eclipse/rdf4j/issues/1056",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse/rdf4j/issues/1056"
},
{
"name": "https://0dd.zone/2018/08/05/rdf4j-XXE/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/08/05/rdf4j-XXE/"
}
]
}
}

122
2018/12xxx/CVE-2018-12167.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"DATE_PUBLIC" : "2019-01-08T00:00:00", "DATE_PUBLIC": "2019-01-08T00:00:00",
"ID" : "CVE-2018-12167", "ID": "CVE-2018-12167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel(R) Optane(TM) SSD DC P4800X", "product_name": "Intel(R) Optane(TM) SSD DC P4800X",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before version E2010435." "version_value": "before version E2010435."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html" "lang": "eng",
} "value": "Firmware update routine in bootloader for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00175.html"
}
]
}
}

34
2018/12xxx/CVE-2018-12181.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12181", "ID": "CVE-2018-12181",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/12xxx/CVE-2018-12321.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12321", "ID": "CVE-2018-12321",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d" "lang": "eng",
}, "value": "There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file."
{ }
"name" : "https://github.com/radare/radare2/issues/10296", ]
"refsource" : "MISC", },
"url" : "https://github.com/radare/radare2/issues/10296" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/radare/radare2/issues/10296",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/issues/10296"
},
{
"name": "https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/commit/224e6bc13fa353dd3b7f7a2334588f1c4229e58d"
}
]
}
}

120
2018/12xxx/CVE-2018-12693.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12693", "ID": "CVE-2018-12693",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc" "lang": "eng",
} "value": "Stack-based buffer overflow in TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to cause a denial of service (outage) via a long type parameter to /data/syslog.filter.json."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc",
"refsource": "MISC",
"url": "https://medium.com/advisability/the-in-security-of-the-tp-link-technologies-tl-wa850re-wi-fi-range-extender-26db87a7a0cc"
}
]
}
}

34
2018/12xxx/CVE-2018-12749.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12749", "ID": "CVE-2018-12749",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/12xxx/CVE-2018-12855.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12855", "ID": "CVE-2018-12855",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader", "product_name": "Adobe Acrobat and Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Errors"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "105437", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105437" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041809", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041809" "lang": "eng",
} "value": "Buffer Errors"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name": "105437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105437"
}
]
}
}

130
2018/13xxx/CVE-2018-13183.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13183", "ID": "CVE-2018-13183",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for JWC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JWCToken"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

130
2018/13xxx/CVE-2018-13556.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13556", "ID": "CVE-2018-13556",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for COSMOTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/COSMOTokenERC20", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/COSMOTokenERC20" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/COSMOTokenERC20",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/COSMOTokenERC20"
}
]
}
}

34
2018/16xxx/CVE-2018-16064.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16064", "ID": "CVE-2018-16064",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/16xxx/CVE-2018-16598.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16598", "ID": "CVE-2018-16598",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/" "lang": "eng",
}, "value": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request."
{ }
"name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/", ]
"refsource" : "MISC", },
"url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
},
{
"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
"refsource": "MISC",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
},
{
"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
"refsource": "MISC",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
}
]
}
}

120
2018/16xxx/CVE-2018-16712.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16712", "ID": "CVE-2018-16712",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://downwithup.github.io/CVEPosts.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://downwithup.github.io/CVEPosts.html" "lang": "eng",
} "value": "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send a specially crafted IOCTL 0x9C406104 to read physical memory."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downwithup.github.io/CVEPosts.html",
"refsource": "MISC",
"url": "https://downwithup.github.io/CVEPosts.html"
}
]
}
}

120
2018/16xxx/CVE-2018-16979.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16979", "ID": "CVE-2018-16979",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/howchen/howchen/issues/4", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/howchen/howchen/issues/4" "lang": "eng",
} "value": "Monstra CMS V3.0.4 allows HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter, a related issue to CVE-2012-2943."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/howchen/howchen/issues/4",
"refsource": "MISC",
"url": "https://github.com/howchen/howchen/issues/4"
}
]
}
}

140
2018/4xxx/CVE-2018-4148.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4148", "ID": "CVE-2018-4148",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Telephony\" component. A buffer overflow allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/", "description_data": [
"refsource" : "MISC", {
"url" : "https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the \"Telephony\" component. A buffer overflow allows remote attackers to execute arbitrary code."
{ }
"name" : "https://support.apple.com/HT208693", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT208693" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103578", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103578" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208693",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208693"
},
{
"name": "103578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103578"
},
{
"name": "https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/",
"refsource": "MISC",
"url": "https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/"
}
]
}
}

160
2018/4xxx/CVE-2018-4211.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4211", "ID": "CVE-2018-4211",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208848", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208848" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file."
{ }
"name" : "https://support.apple.com/HT208849", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT208849" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208850", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208850" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT208851", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT208851" ]
}, },
{ "references": {
"name" : "1041027", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041027" "name": "https://support.apple.com/HT208850",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT208850"
} },
} {
"name": "https://support.apple.com/HT208851",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208851"
},
{
"name": "1041027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041027"
},
{
"name": "https://support.apple.com/HT208848",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208848"
},
{
"name": "https://support.apple.com/HT208849",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208849"
}
]
}
}