"-Synchronized-Data."

CVE Team 2019-03-18 00:40:56 +00:00
parent 0bc8b2b6f5
commit d729c2d7ec
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
62 changed files with 4568 additions and 4568 deletions


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS04-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-018"
},
{
"name" : "TA04-196A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name" : "VU#869640",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/869640"
},
{
"name" : "outlook-malformed-email-header-dos(16585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16585"
},
{
"name" : "oval:org.mitre.oval:def:1950",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1950"
},
{
"name" : "oval:org.mitre.oval:def:2137",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2137"
},
{
"name" : "oval:org.mitre.oval:def:2657",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2657"
},
{
"name" : "oval:org.mitre.oval:def:3376",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3376"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA04-196A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-196A.html"
},
{
"name": "oval:org.mitre.oval:def:2137",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2137"
},
{
"name": "oval:org.mitre.oval:def:1950",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1950"
},
{
"name": "oval:org.mitre.oval:def:2657",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2657"
},
{
"name": "MS04-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-018"
},
{
"name": "outlook-malformed-email-header-dos(16585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16585"
},
{
"name": "VU#869640",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/869640"
},
{
"name": "oval:org.mitre.oval:def:3376",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3376"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "200470305 O-088: Sun passwd(1) Command Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107852274423414&w=2"
},
{
"name" : "57454",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57454"
},
{
"name" : "VU#694782",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/694782"
},
{
"name" : "O-088",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-088.shtml"
},
{
"name" : "solaris-passwd-gain-privileges(15327)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15327"
},
{
"name" : "9757",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9757"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57454",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57454"
},
{
"name": "200470305 O-088: Sun passwd(1) Command Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107852274423414&w=2"
},
{
"name": "solaris-passwd-gain-privileges(15327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15327"
},
{
"name": "O-088",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-088.shtml"
},
{
"name": "VU#694782",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/694782"
},
{
"name": "9757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9757"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0922",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2004-09-30",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html"
},
{
"name" : "11322",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11322"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11322"
},
{
"name": "APPLE-SA-2004-09-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html"
}
]
}
}


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "CLA-2005:920",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920"
},
{
"name" : "DSA-626",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-626"
},
{
"name" : "GLSA-200501-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200501-06.xml"
},
{
"name" : "MDKSA-2005:001",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:001"
},
{
"name" : "MDKSA-2005:002",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:002"
},
{
"name" : "MDKSA-2005:052",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
},
{
"name" : "RHSA-2005:019",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-019.html"
},
{
"name" : "RHSA-2005:035",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-035.html"
},
{
"name" : "SUSE-SA:2005:001",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html"
},
{
"name" : "20050106 [USN-54-1] TIFF library tool vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110503635113419&w=2"
},
{
"name" : "12173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12173"
},
{
"name" : "oval:org.mitre.oval:def:9743",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9743"
},
{
"name" : "13728",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13728/"
},
{
"name" : "13776",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13776"
},
{
"name" : "libtiff-tiffdump-bo(18782)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18782"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:019",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-019.html"
},
{
"name": "MDKSA-2005:001",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:001"
},
{
"name": "oval:org.mitre.oval:def:9743",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9743"
},
{
"name": "MDKSA-2005:002",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:002"
},
{
"name": "12173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12173"
},
{
"name": "DSA-626",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-626"
},
{
"name": "13728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13728/"
},
{
"name": "libtiff-tiffdump-bo(18782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18782"
},
{
"name": "SUSE-SA:2005:001",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html"
},
{
"name": "20050106 [USN-54-1] TIFF library tool vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110503635113419&w=2"
},
{
"name": "MDKSA-2005:052",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:052"
},
{
"name": "GLSA-200501-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-06.xml"
},
{
"name": "RHSA-2005:035",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-035.html"
},
{
"name": "CLA-2005:920",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920"
},
{
"name": "13776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13776"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041126 PnTresMailer code browser 6.03 Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110149886306037&w=2"
},
{
"name" : "11767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11767"
},
{
"name" : "pntresmailer-information-disclosure(18263)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18263"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11767"
},
{
"name": "20041126 PnTresMailer code browser 6.03 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110149886306037&w=2"
},
{
"name": "pntresmailer-information-disclosure(18263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18263"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041220 AIX 5.1/5.2/5.3 local root exploits",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110355931920123&w=2"
},
{
"name" : "20070330 AIX 4.3 lsmcode local root command execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464276/100/0/threaded"
},
{
"name" : "20070402 Re: AIX 4.3 lsmcode local root command execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464481/100/0/threaded"
},
{
"name" : "701",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/701"
},
{
"name" : "IY64389",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only"
},
{
"name" : "IY64277",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only"
},
{
"name" : "12041",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12041"
},
{
"name" : "aix-diagnostics-gain-privileges(18620)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18620"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "701",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/701"
},
{
"name": "IY64389",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only"
},
{
"name": "20041220 AIX 5.1/5.2/5.3 local root exploits",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110355931920123&w=2"
},
{
"name": "20070330 AIX 4.3 lsmcode local root command execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464276/100/0/threaded"
},
{
"name": "IY64277",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only"
},
{
"name": "12041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12041"
},
{
"name": "aix-diagnostics-gain-privileges(18620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18620"
},
{
"name": "20070402 Re: AIX 4.3 lsmcode local root command execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464481/100/0/threaded"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "57474",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57474-1"
},
{
"name" : "ESB-2004.0085",
"refsource" : "AUSCERT",
"url" : "http://www.auscert.org.au/render.html?it=3806"
},
{
"name" : "VU#379390",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/379390"
},
{
"name" : "9548",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9548"
},
{
"name" : "3786",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3786"
},
{
"name" : "10730",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10730/"
},
{
"name" : "solaris-tcsetattr-dos(14998)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14998"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ESB-2004.0085",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/render.html?it=3806"
},
{
"name": "VU#379390",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/379390"
},
{
"name": "solaris-tcsetattr-dos(14998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14998"
},
{
"name": "10730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10730/"
},
{
"name": "9548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9548"
},
{
"name": "57474",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57474-1"
},
{
"name": "3786",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3786"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service (application crash) via a nickname that contains format strings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041114 Format string bug in Army Men RTS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110053709800174&w=2"
},
{
"name" : "20041114 Format string bug in Army Men RTS",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028757.html"
},
{
"name" : "11679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11679"
},
{
"name" : "13186",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13186"
},
{
"name" : "army-men-rts-format-string(18065)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18065"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service (application crash) via a nickname that contains format strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "army-men-rts-format-string(18065)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18065"
},
{
"name": "20041114 Format string bug in Army Men RTS",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028757.html"
},
{
"name": "20041114 Format string bug in Army Men RTS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110053709800174&w=2"
},
{
"name": "11679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11679"
},
{
"name": "13186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13186"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041008 Cisco IOS Software Multiple SNMP Community String Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml"
},
{
"name" : "VU#840665",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/840665"
},
{
"name" : "cisco-ios-cable-docsis(6180)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6180"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#840665",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/840665"
},
{
"name": "20041008 Cisco IOS Software Multiple SNMP Community String Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml"
},
{
"name": "cisco-ios-cable-docsis(6180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6180"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040705 Multiples vulnerabilities in JAWS",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name" : "10670",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10670"
},
{
"name" : "7722",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/7722"
},
{
"name" : "1010651",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1010651"
},
{
"name" : "jaws-index-file-disclosure(16620)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16620"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7722",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7722"
},
{
"name": "jaws-index-file-disclosure(16620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16620"
},
{
"name": "1010651",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010651"
},
{
"name": "20040705 Multiples vulnerabilities in JAWS",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0226.html"
},
{
"name": "10670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10670"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2777",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource" : "MISC",
"url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name" : "https://twitter.com/digitalbond/status/619250429751222277",
"refsource" : "MISC",
"url" : "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
},
{
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA&DIRECTION=2010564-002&FILENAME=2010564-002E.pdf&FILEREV=E&DOCREV_ORG=E",
"refsource" : "CONFIRM",
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA&DIRECTION=2010564-002&FILENAME=2010564-002E.pdf&FILEREV=E&DOCREV_ORG=E"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA&DIRECTION=2010564-002&FILENAME=2010564-002E.pdf&FILEREV=E&DOCREV_ORG=E",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2010564-002E.pdf?REQ=RAA&DIRECTION=2010564-002&FILENAME=2010564-002E.pdf&FILEREV=E&DOCREV_ORG=E"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
]
}
}
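Review bot: The `reference_data` array is reordered with no entry added or removed: the same four URLs appear on both sides, with the CONFIRM entry moving from last to first and the three MISC entries shifting down. Combined with the `" : "` to `": "` separator change, nearly every key line in the record differs, so a real value change in a sync like this is hard to spot. If the order carries no meaning, emit the entries in a stable order (for example sorted by `refsource`, then `name`) so that later syncs touch only records whose content changed. The same content-neutral reordering appears in the CVE-2008-2124, CVE-2008-2177, CVE-2008-2211, CVE-2008-2255, CVE-2008-2810, CVE-2008-3485 and CVE-2008-3662 sections.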


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2124",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5553",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5553"
},
{
"name" : "29095",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29095"
},
{
"name" : "30103",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30103"
},
{
"name" : "fipscms-print-sql-injection(42257)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42257"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "fipscms-print-sql-injection(42257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42257"
},
{
"name": "30103",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30103"
},
{
"name": "29095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29095"
},
{
"name": "5553",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5553"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5537",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5537"
},
{
"name" : "29039",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29039"
},
{
"name" : "ADV-2008-1432",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1432/references"
},
{
"name" : "30056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30056"
},
{
"name" : "phpdirectorysource-admin-sql-injection(42213)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42213"
},
{
"name" : "phpdirectorysource-show-sql-injection(42212)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42212"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1432/references"
},
{
"name": "phpdirectorysource-admin-sql-injection(42213)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42213"
},
{
"name": "5537",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5537"
},
{
"name": "30056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30056"
},
{
"name": "29039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29039"
},
{
"name": "phpdirectorysource-show-sql-injection(42212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42212"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2211",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080503 Maian Guestbook v3.2 XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491584/100/0/threaded"
},
{
"name" : "29032",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29032"
},
{
"name" : "30071",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30071"
},
{
"name" : "3890",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3890"
},
{
"name" : "maian-guestbook-footer-xss(42198)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42198"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29032"
},
{
"name": "30071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30071"
},
{
"name": "20080503 Maian Guestbook v3.2 XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491584/100/0/threaded"
},
{
"name": "maian-guestbook-footer-xss(42198)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42198"
},
{
"name": "3890",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3890"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka \"HTML Object Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-2255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02360",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name" : "SSRT080117",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name" : "MS08-045",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045"
},
{
"name" : "TA08-225A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name" : "oval:org.mitre.oval:def:5602",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5602"
},
{
"name" : "ADV-2008-2349",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2349"
},
{
"name" : "1020674",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020674"
},
{
"name" : "31375",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31375"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka \"HTML Object Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2349",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2349"
},
{
"name": "TA08-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name": "1020674",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020674"
},
{
"name": "HPSBST02360",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "SSRT080117",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "oval:org.mitre.oval:def:5602",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5602"
},
{
"name": "MS08-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045"
},
{
"name": "31375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31375"
}
]
}
}
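Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secure@microsoft.com` in this record, which is a change of attribution rather than formatting, and it is easy to miss among the separator and ordering changes around it. Assuming the second copy of each block is the new side, the CVE-2008-2810 section makes the same kind of change (to `secalert@redhat.com`). Consumers that filter or trust records by assigner will see these CVEs attributed to a different address, so the commit description should list the records whose `ASSIGNER` changed, or the value changes should land separately from the reformatting.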


@ -1,237 +1,237 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080708 rPSA-2008-0216-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
},
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-32.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-32.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=410156",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=410156"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2646",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2646"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
},
{
"name" : "DSA-1697",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1697"
},
{
"name" : "FEDORA-2008-6127",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
},
{
"name" : "FEDORA-2008-6193",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
},
{
"name" : "FEDORA-2008-6196",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
},
{
"name" : "GLSA-200808-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name" : "RHSA-2008:0547",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
},
{
"name" : "RHSA-2008:0549",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
},
{
"name" : "RHSA-2008:0569",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
},
{
"name" : "RHSA-2008:0616",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
},
{
"name" : "SSA:2008-191-03",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"
},
{
"name" : "SSA:2008-191",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"
},
{
"name" : "SUSE-SA:2008:034",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
},
{
"name" : "USN-619-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-619-1"
},
{
"name" : "30038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30038"
},
{
"name" : "oval:org.mitre.oval:def:9593",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9593"
},
{
"name" : "31076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31076"
},
{
"name" : "ADV-2008-1993",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1993/references"
},
{
"name" : "1020419",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020419"
},
{
"name" : "30911",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30911"
},
{
"name" : "30878",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30878"
},
{
"name" : "30898",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30898"
},
{
"name" : "30903",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30903"
},
{
"name" : "30949",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30949"
},
{
"name" : "31005",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31005"
},
{
"name" : "31008",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31008"
},
{
"name" : "31023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31023"
},
{
"name" : "31195",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31195"
},
{
"name" : "31377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31377"
},
{
"name" : "31021",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31021"
},
{
"name" : "33433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33433"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2008:034",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
},
{
"name": "RHSA-2008:0549",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
},
{
"name": "DSA-1697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "31021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31021"
},
{
"name": "30898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30898"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
},
{
"name": "https://issues.rpath.com/browse/RPL-2646",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2646"
},
{
"name": "30949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30949"
},
{
"name": "SSA:2008-191-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-32.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-32.html"
},
{
"name": "31008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31008"
},
{
"name": "31377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31377"
},
{
"name": "RHSA-2008:0616",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
},
{
"name": "ADV-2008-1993",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1993/references"
},
{
"name": "31023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31023"
},
{
"name": "30038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30038"
},
{
"name": "oval:org.mitre.oval:def:9593",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9593"
},
{
"name": "GLSA-200808-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name": "31005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31005"
},
{
"name": "33433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33433"
},
{
"name": "FEDORA-2008-6127",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
},
{
"name": "1020419",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020419"
},
{
"name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
},
{
"name": "30903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30903"
},
{
"name": "RHSA-2008:0547",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
},
{
"name": "FEDORA-2008-6193",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
},
{
"name": "SSA:2008-191",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"
},
{
"name": "31195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31195"
},
{
"name": "31076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31076"
},
{
"name": "USN-619-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-619-1"
},
{
"name": "30911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30911"
},
{
"name": "RHSA-2008:0569",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
},
{
"name": "30878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30878"
},
{
"name": "20080708 rPSA-2008-0216-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=410156",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=410156"
},
{
"name": "FEDORA-2008-6196",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3485",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080730 Citrix MetaFrame Privilege Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
},
{
"name" : "30446",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30446"
},
{
"name" : "4110",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4110"
},
{
"name" : "citrix-metaframe-icabar-privilege-escalation(44490)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citrix-metaframe-icabar-privilege-escalation(44490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44490"
},
{
"name": "4110",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4110"
},
{
"name": "30446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30446"
},
{
"name": "20080730 Citrix MetaFrame Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494952/100/0/threaded"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
},
{
"name" : "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
},
{
"name" : "http://int21.de/cve/CVE-2008-3662-gallery.html",
"refsource" : "MISC",
"url" : "http://int21.de/cve/CVE-2008-3662-gallery.html"
},
{
"name" : "http://gallery.menalto.com/gallery_1.5.9_released",
"refsource" : "CONFIRM",
"url" : "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name" : "http://gallery.menalto.com/gallery_2.2.6_released",
"refsource" : "CONFIRM",
"url" : "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name" : "FEDORA-2008-11230",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
},
{
"name" : "FEDORA-2008-11258",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name" : "GLSA-200811-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name" : "31231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31231"
},
{
"name" : "32662",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32662"
},
{
"name" : "33144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33144"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200811-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"
},
{
"name": "33144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33144"
},
{
"name": "32662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32662"
},
{
"name": "FEDORA-2008-11258",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496509/100/0/threaded"
},
{
"name": "31231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31231"
},
{
"name": "http://int21.de/cve/CVE-2008-3662-gallery.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2008-3662-gallery.html"
},
{
"name": "http://gallery.menalto.com/gallery_2.2.6_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.2.6_released"
},
{
"name": "http://gallery.menalto.com/gallery_1.5.9_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_1.5.9_released"
},
{
"name": "20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2008/Sep/0379.html"
},
{
"name": "FEDORA-2008-11230",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-3812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=16661",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=16661"
},
{
"name" : "20080924 Cisco IOS Software Firewall Application Inspection Control Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01545.shtml"
},
{
"name" : "31354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31354"
},
{
"name" : "oval:org.mitre.oval:def:5302",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5302"
},
{
"name" : "1020929",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020929"
},
{
"name" : "ADV-2008-2670",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2670"
},
{
"name" : "31990",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31990"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31990"
},
{
"name": "1020929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020929"
},
{
"name": "oval:org.mitre.oval:def:5302",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5302"
},
{
"name": "20080924 Cisco IOS Software Firewall Application Inspection Control Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01545.shtml"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=16661",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=16661"
},
{
"name": "ADV-2008-2670",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2670"
},
{
"name": "31354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31354"
}
]
}
}
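Review bot: In the compact-colon copy of this record (which appears to be the new side), `ASSIGNER` changes from `cve@mitre.org` to `psirt@cisco.com`, yet the `affects` block still carries `n/a` for `vendor_name`, `product_name` and `version_value`, so tooling that matches on the structured fields will not tie this entry to the product the description names. Going by the description text, `"vendor_name": "Cisco"`, `"product_name": "IOS"` and `"version_value": "12.4"` look like the values to carry; confirm against the vendor advisory before filling them in. The CVE-2013-2829 section further down has the same shape: `ASSIGNER` becomes `ics-cert@hq.dhs.gov` while `affects` stays `n/a`. Both reassignments sit in a commit that otherwise only respaces colons and reorders `reference_data`, so they are worth calling out in the commit description.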


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
},
{
"name" : "http://www.ivizsecurity.com/preboot-patch.html",
"refsource" : "MISC",
"url" : "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"name" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
"refsource" : "MISC",
"url" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name" : "4203",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4203"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4203",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4203"
},
{
"name": "http://www.ivizsecurity.com/preboot-patch.html",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/preboot-patch.html"
},
{
"name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
"refsource": "MISC",
"url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
},
{
"name": "20080825 [IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495805/100/0/threaded"
}
]
}
}


@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3912",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20080903 request for CVE: clamav 0.94 release",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/03/2"
},
{
"name" : "[oss-security] 20080904 Re: request for CVE: clamav 0.94 release",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/09/04/13"
},
{
"name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1141",
"refsource" : "MISC",
"url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1141"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661"
},
{
"name" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name" : "http://kolab.org/security/kolab-vendor-notice-22.txt",
"refsource" : "CONFIRM",
"url" : "http://kolab.org/security/kolab-vendor-notice-22.txt"
},
{
"name" : "http://support.apple.com/kb/HT3216",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3216"
},
{
"name" : "APPLE-SA-2008-10-09",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name" : "DSA-1660",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1660"
},
{
"name" : "FEDORA-2008-9644",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"name" : "FEDORA-2008-9651",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"name" : "GLSA-200809-18",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200809-18.xml"
},
{
"name" : "MDVSA-2008:189",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
},
{
"name" : "SUSE-SR:2008:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name" : "31051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31051"
},
{
"name" : "31681",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31681"
},
{
"name" : "32424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32424"
},
{
"name" : "ADV-2008-2564",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2564"
},
{
"name" : "ADV-2008-2780",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name" : "1020828",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020828"
},
{
"name" : "32030",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32030"
},
{
"name" : "31906",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31906"
},
{
"name" : "32222",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32222"
},
{
"name" : "32699",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32699"
},
{
"name" : "31982",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31982"
},
{
"name" : "clamav-libclamav-dos(45056)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45056"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32030"
},
{
"name": "31051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31051"
},
{
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1141",
"refsource": "MISC",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1141"
},
{
"name": "[oss-security] 20080904 Re: request for CVE: clamav 0.94 release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/04/13"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661"
},
{
"name": "MDVSA-2008:189",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
},
{
"name": "[oss-security] 20080903 request for CVE: clamav 0.94 release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/03/2"
},
{
"name": "FEDORA-2008-9651",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "GLSA-200809-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-22.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
},
{
"name": "1020828",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020828"
},
{
"name": "DSA-1660",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1660"
},
{
"name": "32424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32424"
},
{
"name": "clamav-libclamav-dos(45056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45056"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "ADV-2008-2564",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2564"
},
{
"name": "32699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32699"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "31906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31906"
},
{
"name": "FEDORA-2008-9644",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7021",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7021"
},
{
"name" : "32159",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32159"
},
{
"name" : "phpimagegallery-index-sql-injection(49337)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49337"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7021",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7021"
},
{
"name": "phpimagegallery-index-sql-injection(49337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49337"
},
{
"name": "32159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32159"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498162/100/0/threaded"
},
{
"name" : "7075",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7075"
},
{
"name" : "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt",
"refsource" : "MISC",
"url" : "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt"
},
{
"name" : "http://www.andreas-kurtz.de/archives/63",
"refsource" : "MISC",
"url" : "http://www.andreas-kurtz.de/archives/63"
},
{
"name" : "http://www.igniterealtime.org/issues/browse/JM-1488",
"refsource" : "CONFIRM",
"url" : "http://www.igniterealtime.org/issues/browse/JM-1488"
},
{
"name" : "32189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32189"
},
{
"name" : "51912",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51912"
},
{
"name" : "32478",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32478"
},
{
"name" : "ADV-2008-3061",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3061"
},
{
"name" : "openfire-siparklogsummary-sql-injection(46487)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46487"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7075",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7075"
},
{
"name": "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt",
"refsource": "MISC",
"url": "http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt"
},
{
"name": "http://www.igniterealtime.org/issues/browse/JM-1488",
"refsource": "CONFIRM",
"url": "http://www.igniterealtime.org/issues/browse/JM-1488"
},
{
"name": "openfire-siparklogsummary-sql-injection(46487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46487"
},
{
"name": "32478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32478"
},
{
"name": "http://www.andreas-kurtz.de/archives/63",
"refsource": "MISC",
"url": "http://www.andreas-kurtz.de/archives/63"
},
{
"name": "32189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32189"
},
{
"name": "20081108 [AK-ADV2008-001] Openfire Jabber-Server: Multiple Vulnerabilities (Authentication Bypass, SQL injection, ...)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498162/100/0/threaded"
},
{
"name": "51912",
"refsource": "OSVDB",
"url": "http://osvdb.org/51912"
},
{
"name": "ADV-2008-3061",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3061"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6891",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6891",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0812-exploits/aspforum-cmsqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0812-exploits/aspforum-cmsqlxss.txt"
},
{
"name" : "32571",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32571"
},
{
"name" : "aspforum-messages-newmessage-xss(47002)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47002"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aspforum-messages-newmessage-xss(47002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47002"
},
{
"name": "32571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32571"
},
{
"name": "http://packetstormsecurity.org/0812-exploits/aspforum-cmsqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0812-exploits/aspforum-cmsqlxss.txt"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed DNP3 packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-010-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-010-01"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed DNP3 packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-010-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-010-01"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-11-01T00:00:00",
"ID" : "CVE-2017-11018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in Camera"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-11-01T00:00:00",
"ID": "CVE-2017-11018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-11-01"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-11243",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Acrobat Reader",
"version" : {
"version_data" : [
{
"version_value" : "2017.009.20058 and earlier"
},
{
"version_value" : "2017.008.30051 and earlier"
},
{
"version_value" : "2015.006.30306 and earlier"
},
{
"version_value" : "11.0.20 and earlier"
}
]
}
}
]
},
"vendor_name" : "Adobe Systems Incorporated"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-11243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acrobat Reader",
"version": {
"version_data": [
{
"version_value": "2017.009.20058 and earlier"
},
{
"version_value": "2017.008.30051 and earlier"
},
{
"version_value": "2015.006.30306 and earlier"
},
{
"version_value": "11.0.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name" : "100184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100184"
},
{
"name" : "1039098",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039098"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100184"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"DATE_PUBLIC" : "2017-05-22T00:00:00",
"ID" : "CVE-2017-11396",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "InterScan Web Security Virtual Appliance",
"version" : {
"version_data" : [
{
"version_value" : "6.5"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Other (Input Parameter Inspection)"
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"DATE_PUBLIC": "2017-05-22T00:00:00",
"ID": "CVE-2017-11396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "InterScan Web Security Virtual Appliance",
"version": {
"version_data": [
{
"version_value": "6.5"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://success.trendmicro.com/solution/1117412",
"refsource" : "CONFIRM",
"url" : "https://success.trendmicro.com/solution/1117412"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability issues with the web service inspection of input parameters in Trend Micro Web Security Virtual Appliance 6.5 may allow potential attackers who already have administration rights to the console to implement remote code injections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other (Input Parameter Inspection)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/1117412",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1117412"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/569",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/569"
},
{
"name" : "100003",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100003"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteOnePNGImage() function in coders/png.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/569",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/569"
},
{
"name": "100003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100003"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2017/Jul/26",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Jul/26"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/26",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/26"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-11-14T00:00:00",
"ID" : "CVE-2017-11855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Internet Explorer",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43371",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43371/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855"
},
{
"name" : "101751",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101751"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11856."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43371",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43371/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11855"
},
{
"name": "101751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101751"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14275",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a \"User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14275"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00",
"ID" : "CVE-2017-14898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer overrun vulnerability in txpower scale vendor command"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-12-04T00:00:00",
"ID": "CVE-2017-14898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-12-01"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE contains fewer than 1 byte, a buffer overrun occurs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overrun vulnerability in txpower scale vendor command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.amossys.fr/teampass-multiple-cve-01.html",
"refsource" : "MISC",
"url" : "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"name" : "https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc",
"refsource" : "MISC",
"url" : "https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. To exploit this vulnerability, an authenticated attacker has to tamper with parameters of a request to upload.files.php, in order to select the correct branch and be able to upload any arbitrary file. From there, it can simply access the file to execute code on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.amossys.fr/teampass-multiple-cve-01.html",
"refsource": "MISC",
"url": "http://blog.amossys.fr/teampass-multiple-cve-01.html"
},
{
"name": "https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc",
"refsource": "MISC",
"url": "https://github.com/nilsteampassnet/TeamPass/commit/9811c9d453da4bd1101ff7033250d1fbedf101fc"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-15120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pdns-recursor",
"version" : {
"version_data" : [
{
"version_value" : "4.0.8"
}
]
}
}
]
},
"vendor_name" : "PowerDNS"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-476"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-15120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns-recursor",
"version": {
"version_data": [
{
"version_value": "4.0.8"
}
]
}
}
]
},
"vendor_name": "PowerDNS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20171211 PowerDNS Security Advisory 2017-08",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2017/q4/382"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120"
},
{
"name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html",
"refsource" : "CONFIRM",
"url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html"
},
{
"name" : "DSA-4063",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4063"
},
{
"name" : "106335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106335"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120"
},
{
"name": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html"
},
{
"name": "DSA-4063",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4063"
},
{
"name": "[oss-security] 20171211 PowerDNS Security Advisory 2017-08",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q4/382"
},
{
"name": "106335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106335"
}
]
}
}
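Review bot: The `affects` entry for pdns-recursor lists `"version_value": "4.0.8"`, while the description in the same record says the flaw is in PowerDNS Recursor before 4.0.8, so a consumer that matches on `version_value` would flag what is apparently the fixed release and miss the vulnerable ones; a value such as `"version_value": "before 4.0.8"` would agree with the description. The `impact.cvss` block also carries the base score inside the vector (`"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"`), which a strict CVSS v3.0 vector parser is likely to reject, and it wraps the object in a doubly nested array. Keeping the vector as `"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"` with the score in a field of its own would be safer for downstream scoring and triage tooling. Both points appear on the old and the new side of this section, so the commit carries them forward rather than introducing them.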


@ -1,219 +1,219 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-12-06T00:00:00",
"ID" : "CVE-2017-15324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "S12700",
"version" : {
"version_data" : [
{
"version_value" : "V200R006C00"
},
{
"version_value" : "V200R007C00"
},
{
"version_value" : "V200R007C01"
},
{
"version_value" : "V200R007C20"
},
{
"version_value" : "V200R008C00"
},
{
"version_value" : "V200R009C00"
},
{
"version_value" : "V200R010C00"
}
]
}
},
{
"product_name" : "S1700",
"version" : {
"version_data" : [
{
"version_value" : "V200R006C10"
},
{
"version_value" : "V200R009C00"
},
{
"version_value" : "V200R010C00"
}
]
}
},
{
"product_name" : "S2700",
"version" : {
"version_data" : [
{
"version_value" : "V200R006C00"
},
{
"version_value" : "V200R006C10"
},
{
"version_value" : "V200R007C00"
},
{
"version_value" : "V200R008C00"
},
{
"version_value" : "V200R009C00"
},
{
"version_value" : "V200R010C00"
},
{
"version_value" : "V200R011C00"
}
]
}
},
{
"product_name" : "S5700",
"version" : {
"version_data" : [
{
"version_value" : "V200R005C00"
},
{
"version_value" : "V200R006C00"
},
{
"version_value" : "V200R007C00"
},
{
"version_value" : "V200R008C00"
},
{
"version_value" : "V200R009C00"
},
{
"version_value" : "V200R010C00"
},
{
"version_value" : "V200R011C00"
}
]
}
},
{
"product_name" : "S6700",
"version" : {
"version_data" : [
{
"version_value" : "V200R005C00"
},
{
"version_value" : "V200R008C00"
},
{
"version_value" : "V200R009C00"
},
{
"version_value" : "V200R010C00"
}
]
}
},
{
"product_name" : "S7700",
"version" : {
"version_data" : [
{
"version_value" : "V200R006C00"
},
{
"version_value" : "V200R007C00"
},
{
"version_value" : "V200R008C00"
},
{
"version_value" : "V200R009C00"
},
{
"version_value" : "V200R010C00"
}
]
}
},
{
"product_name" : "S9700",
"version" : {
"version_data" : [
{
"version_value" : "V200R006C00"
},
{
"version_value" : "V200R007C00"
},
{
"version_value" : "V200R007C01"
},
{
"version_value" : "V200R008C00"
},
{
"version_value" : "V200R009C00"
},
{
"version_value" : "V200R010C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-12-06T00:00:00",
"ID": "CVE-2017-15324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "S12700",
"version": {
"version_data": [
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R007C20"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
}
]
}
},
{
"product_name": "S1700",
"version": {
"version_data": [
{
"version_value": "V200R006C10"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
}
]
}
},
{
"product_name": "S2700",
"version": {
"version_data": [
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R006C10"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "V200R011C00"
}
]
}
},
{
"product_name": "S5700",
"version": {
"version_data": [
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
},
{
"version_value": "V200R011C00"
}
]
}
},
{
"product_name": "S6700",
"version": {
"version_data": [
{
"version_value": "V200R005C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
}
]
}
},
{
"product_name": "S7700",
"version": {
"version_data": [
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
}
]
}
},
{
"product_name": "S9700",
"version": {
"version_data": [
{
"version_value": "V200R006C00"
},
{
"version_value": "V200R007C00"
},
{
"version_value": "V200R007C01"
},
{
"version_value": "V200R008C00"
},
{
"version_value": "V200R009C00"
},
{
"version_value": "V200R010C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-nqa-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-nqa-en"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnerability due to insufficient validation of the Network Quality Analysis (NQA) packets. A remote attacker could exploit this vulnerability by sending malformed NQA packets to the target device. Successful exploitation could make the device restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-nqa-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-nqa-en"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15743",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address may be used as a return value starting at CADIMAGE+0x00000000003d24a0.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15743",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15743"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address may be used as a return value starting at CADIMAGE+0x00000000003d24a0.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15743",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15743"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at CADIMAGE+0x00000000003e9462.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15765",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15765"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at CADIMAGE+0x00000000003e9462.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15765",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15765"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00",
"ID" : "CVE-2017-15848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input (\"Classic Buffer Overflow\") in Multimedia"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-15848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the fastrpc kernel driver, a buffer overflow vulnerability from userspace may potentially exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input (\"Classic Buffer Overflow\") in Multimedia"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 10 1511, 1607, and 1703, and Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Edge"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10 1511, 1607, and 1703, and Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "Microsoft Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8604",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8604"
},
{
"name" : "99407",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99407"
},
{
"name" : "1038849",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038849"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038849"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8604",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8604"
},
{
"name": "99407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99407"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9348",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1151",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1151"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608",
"refsource" : "MISC",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7fe55f96672b7bf2b4ceb9ae039a0f43eddd3151",
"refsource" : "MISC",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7fe55f96672b7bf2b4ceb9ae039a0f43eddd3151"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2017-23.html",
"refsource" : "MISC",
"url" : "https://www.wireshark.org/security/wnpa-sec-2017-23.html"
},
{
"name" : "98801",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98801"
},
{
"name" : "1038612",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038612"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2017-23.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2017-23.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7fe55f96672b7bf2b4ceb9ae039a0f43eddd3151",
"refsource": "MISC",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7fe55f96672b7bf2b4ceb9ae039a0f43eddd3151"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608"
},
{
"name": "1038612",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038612"
},
{
"name": "98801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98801"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1151",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1151"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9943",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9943",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9973",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-9973",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-0731",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-0731",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}


@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-10T20:50:24.886897",
"DATE_REQUESTED" : "2018-07-10T20:32:02",
"ID" : "CVE-2018-1000211",
"REQUESTER" : "me@justinbull.ca",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Doorkeeper",
"version" : {
"version_data" : [
{
"version_value" : "4.2.0 and later"
}
]
}
}
]
},
"vendor_name" : "Doorkeeper"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-10T20:50:24.886897",
"DATE_REQUESTED": "2018-07-10T20:32:02",
"ID": "CVE-2018-1000211",
"REQUESTER": "me@justinbull.ca",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/doorkeeper-gem/doorkeeper/issues/891",
"refsource" : "CONFIRM",
"url" : "https://github.com/doorkeeper-gem/doorkeeper/issues/891"
},
{
"name" : "https://github.com/doorkeeper-gem/doorkeeper/pull/1119",
"refsource" : "CONFIRM",
"url" : "https://github.com/doorkeeper-gem/doorkeeper/pull/1119"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/doorkeeper-gem/doorkeeper/pull/1119",
"refsource": "CONFIRM",
"url": "https://github.com/doorkeeper-gem/doorkeeper/pull/1119"
},
{
"name": "https://github.com/doorkeeper-gem/doorkeeper/issues/891",
"refsource": "CONFIRM",
"url": "https://github.com/doorkeeper-gem/doorkeeper/issues/891"
}
]
}
}
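Review bot: The structured `affects` and `problemtype` data for CVE-2018-1000211 is replaced by `n/a` placeholders on what appears to be the new side of this section (the compact `"key": value` lines; the `+`/`-` markers are not visible on this page), so the record now names Doorkeeper and the 4.2.0 floor only in the free-text description. Tooling that matches advisories on `vendor_name`/`product_name`/`version_value` or on the problem type would stop associating this entry with the token-revocation access-control issue. If the overwrite is not intentional, keep the earlier values, e.g. `"product_name": "Doorkeeper"`, `"version_value": "4.2.0 and later"` and `"value": "Incorrect Access Control"` under `problemtype`. The `ASSIGNER` also changes from `kurt@seifried.org` to `cve@mitre.org` in the same section, which is worth confirming as deliberate.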


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12033",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12033",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2019-02-12T00:00:00",
"ID" : "CVE-2018-12159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the command-line interface for Intel(R) PROSet Wireless v20.50 and before may allow an authenticated user to potentially enable denial of service via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2019-02-12T00:00:00",
"ID": "CVE-2018-12159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00169.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00169.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the command-line interface for Intel(R) PROSet Wireless v20.50 and before may allow an authenticated user to potentially enable denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00169.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00169.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "emo@eclipse.org",
"ID" : "CVE-2018-12540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Eclipse Vert.x",
"version" : {
"version_data" : [
{
"version_affected" : ">=",
"version_value" : "3.0"
},
{
"version_affected" : "<=",
"version_value" : "3.5.2"
}
]
}
}
]
},
"vendor_name" : "The Eclipse Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352: Cross-Site Request Forgery (CSRF)"
}
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2018-12540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Vert.x",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "3.0"
},
{
"version_affected": "<=",
"version_value": "3.5.2"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948",
"refsource" : "CONFIRM",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948"
},
{
"name" : "RHSA-2018:2371",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2371"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version from 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=536948"
},
{
"name": "RHSA-2018:2371",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2371"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/",
"refsource" : "CONFIRM",
"url" : "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
},
{
"name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/45903",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/45903"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a lack of output encoding."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/45903",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/45903"
},
{
"name": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/",
"refsource": "CONFIRM",
"url": "https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12775",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Acrobat and Reader",
"version" : {
"version_data" : [
{
"version_value" : "2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acrobat and Reader",
"version": {
"version_data": [
{
"version_value": "2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html"
},
{
"name" : "105358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105358"
},
{
"name" : "1041702",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041702"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html"
},
{
"name": "105358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105358"
},
{
"name": "1041702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041702"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13182",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/loncoin",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/loncoin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for loncoin (LON), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/loncoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/loncoin"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13583",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Shmoo",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Shmoo"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for Shmoo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Shmoo",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Shmoo"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gist.github.com/tim124058/5c4babe391a016c771d2cccabead21cb",
"refsource" : "MISC",
"url" : "https://gist.github.com/tim124058/5c4babe391a016c771d2cccabead21cb"
},
{
"name" : "https://www.moxa.com/support/download.aspx?type=support&id=15851",
"refsource" : "CONFIRM",
"url" : "https://www.moxa.com/support/download.aspx?type=support&id=15851"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/tim124058/5c4babe391a016c771d2cccabead21cb",
"refsource": "MISC",
"url": "https://gist.github.com/tim124058/5c4babe391a016c771d2cccabead21cb"
},
{
"name": "https://www.moxa.com/support/download.aspx?type=support&id=15851",
"refsource": "CONFIRM",
"url": "https://www.moxa.com/support/download.aspx?type=support&id=15851"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16442",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16442",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2018-16489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "just-extend",
"version" : {
"version_data" : [
{
"version_value" : "<4.0.0"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-16489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "just-extend",
"version": {
"version_data": [
{
"version_value": "<4.0.0"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/430291",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/430291"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/430291",
"refsource": "MISC",
"url": "https://hackerone.com/reports/430291"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/LavaLite/cms/issues/259",
"refsource" : "MISC",
"url" : "https://github.com/LavaLite/cms/issues/259"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LavaLite 5.5 has XSS via a /edit URI, as demonstrated by client/job/job/Zy8PWBekrJ/edit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LavaLite/cms/issues/259",
"refsource": "MISC",
"url": "https://github.com/LavaLite/cms/issues/259"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16956",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI Portal software (such as IIS). Renaming pages to include unsupported characters, such as 0x7f, prevents these pages from being accessed over the web server, causing a Denial of Service (DoS) to the page. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://seclists.org/fulldisclosure/2018/Sep/22",
"refsource" : "MISC",
"url" : "https://seclists.org/fulldisclosure/2018/Sep/22"
},
{
"name" : "105350",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105350"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI Portal software (such as IIS). Renaming pages to include unsupported characters, such as 0x7f, prevents these pages from being accessed over the web server, causing a Denial of Service (DoS) to the page. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/fulldisclosure/2018/Sep/22",
"refsource": "MISC",
"url": "https://seclists.org/fulldisclosure/2018/Sep/22"
},
{
"name": "105350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105350"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"NSURLSession\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208692",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208692"
},
{
"name" : "https://support.apple.com/HT208693",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208693"
},
{
"name" : "https://support.apple.com/HT208696",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208696"
},
{
"name" : "https://support.apple.com/HT208698",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208698"
},
{
"name" : "1040604",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040604"
},
{
"name" : "1040608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040608"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"NSURLSession\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208692",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208692"
},
{
"name": "1040604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040604"
},
{
"name": "https://support.apple.com/HT208698",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208698"
},
{
"name": "https://support.apple.com/HT208696",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208696"
},
{
"name": "https://support.apple.com/HT208693",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208693"
},
{
"name": "1040608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040608"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4476",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4476",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4663",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4663",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4866",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4866",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}