"-Synchronized-Data."

CVE Team 2019-03-18 01:27:45 +00:00
parent 945bd1d05a
commit de32569473
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3807 additions and 3807 deletions


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-202",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-202"
},
{
"name" : "RHSA-2003:039",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-039.html"
},
{
"name" : "6307",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6307"
},
{
"name" : "8166",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8166"
},
{
"name" : "8242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8242"
},
{
"name" : "im-impwagent-insecure-directory(10766)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10766.php"
},
{
"name" : "im-immknmz-symlink(10767)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10767.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-202",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-202"
},
{
"name": "im-impwagent-insecure-directory(10766)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10766.php"
},
{
"name": "6307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6307"
},
{
"name": "8242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8242"
},
{
"name": "8166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8166"
},
{
"name": "im-immknmz-symlink(10767)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10767.php"
},
{
"name": "RHSA-2003:039",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-039.html"
}
]
}
}
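Review bot: The `reference_data` entries in this section look reordered with no change in content: the same seven name/refsource/url triples appear on both sides, and for example the `"name": "RHSA-2003:039"` entry moves from second to last, alongside the `"key" : value` to `"key": value` spacing change. The `+`/`-` markers are lost on this page, so the old and new sides are inferred from print order and spacing style and should be confirmed against the raw diff. Having the serializer emit references in a stable order would keep a sync like this from rewriting every line, and anyone tracking these records for changes should compare parsed content rather than text. Several later sections show the same reshuffle, and the two REJECT records (CVE-2004-0076, CVE-2004-0147) also reorder top-level keys, with `"data_type": "CVE"` now printed first.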


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0382",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030509 BAZARR CODE NINER PINK TEAM GO GO GO",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105427580626001&w=2"
},
{
"name" : "DSA-309",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-309"
},
{
"name" : "7708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7708"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-309",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-309"
},
{
"name": "20030509 BAZARR CODE NINER PINK TEAM GO GO GO",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105427580626001&w=2"
},
{
"name": "7708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7708"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030717 eStore SQL Injection Vulnerability & Path Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105845898003616&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030717 eStore SQL Injection Vulnerability & Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105845898003616&w=2"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030729 man-db[] multiple(4) vulnerabilities.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105951284512898&w=2"
},
{
"name" : "20030730 Re: man-db[] multiple(4) vulnerabilities.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105960276803617&w=2"
},
{
"name" : "DSA-364",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-364"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030729 man-db[] multiple(4) vulnerabilities.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105951284512898&w=2"
},
{
"name": "20030730 Re: man-db[] multiple(4) vulnerabilities.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105960276803617&w=2"
},
{
"name": "DSA-364",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-364"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030731 Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml"
},
{
"name" : "VU#579324",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/579324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030731 Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml"
},
{
"name": "VU#579324",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/579324"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1531",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030327 [SCSA-013] Cross Site Scripting vulnerability in testcgi.exe",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104878375423320&w=2"
},
{
"name" : "http://www.security-corporation.com/index.php?id=advisories&a=013-FR",
"refsource" : "MISC",
"url" : "http://www.security-corporation.com/index.php?id=advisories&a=013-FR"
},
{
"name" : "7214",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7214"
},
{
"name" : "1006391",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1006391"
},
{
"name" : "8456",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8456"
},
{
"name" : "ceilidh-textcgi-xss(11638)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.security-corporation.com/index.php?id=advisories&a=013-FR",
"refsource": "MISC",
"url": "http://www.security-corporation.com/index.php?id=advisories&a=013-FR"
},
{
"name": "20030327 [SCSA-013] Cross Site Scripting vulnerability in testcgi.exe",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104878375423320&w=2"
},
{
"name": "7214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7214"
},
{
"name": "8456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8456"
},
{
"name": "ceilidh-textcgi-xss(11638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11638"
},
{
"name": "1006391",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1006391"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0076",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was removed from consideration by its Candidate Numbering Authority. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2004-0076",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was removed from consideration by its Candidate Numbering Authority. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0147",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2004-0147",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other unauthorized activities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040517 OpenBSD procfs",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=108481812926420&w=2"
},
{
"name" : "http://www.deprotect.com/advisories/DEPROTECT-20041305.txt",
"refsource" : "MISC",
"url" : "http://www.deprotect.com/advisories/DEPROTECT-20041305.txt"
},
{
"name" : "[openbsd-security-announce] 20040513 procfs vulnerability",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=openbsd-security-announce&m=108445767103004&w=2"
},
{
"name" : "20040513 [3.4] 020: SECURITY FIX: May 13, 2004",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata34.html"
},
{
"name" : "20040513 [3.5] 006: SECURITY FIX: May 13, 2004",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata35.html"
},
{
"name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch"
},
{
"name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch"
},
{
"name" : "6114",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6114"
},
{
"name" : "11605",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11605"
},
{
"name" : "openbsd-procfs-gain-privileges(16226)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other unauthorized activities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openbsd-procfs-gain-privileges(16226)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16226"
},
{
"name": "20040517 OpenBSD procfs",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=108481812926420&w=2"
},
{
"name": "20040513 [3.5] 006: SECURITY FIX: May 13, 2004",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata35.html"
},
{
"name": "20040513 [3.4] 020: SECURITY FIX: May 13, 2004",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata34.html"
},
{
"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch"
},
{
"name": "http://www.deprotect.com/advisories/DEPROTECT-20041305.txt",
"refsource": "MISC",
"url": "http://www.deprotect.com/advisories/DEPROTECT-20041305.txt"
},
{
"name": "6114",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6114"
},
{
"name": "11605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11605"
},
{
"name": "[openbsd-security-announce] 20040513 procfs vulnerability",
"refsource": "MLIST",
"url": "http://marc.info/?l=openbsd-security-announce&m=108445767103004&w=2"
},
{
"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/020_procfs.patch"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040508 [waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes module for PhpNuke]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108404714232579&w=2"
},
{
"name" : "http://www.waraxe.us/index.php?modname=sa&id=28",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/index.php?modname=sa&id=28"
},
{
"name" : "10306",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10306"
},
{
"name" : "11579",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11579"
},
{
"name" : "nukejokes-sql-injection(16099)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16099"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nukejokes-sql-injection(16099)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16099"
},
{
"name": "http://www.waraxe.us/index.php?modname=sa&id=28",
"refsource": "MISC",
"url": "http://www.waraxe.us/index.php?modname=sa&id=28"
},
{
"name": "20040508 [waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes module for PhpNuke]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108404714232579&w=2"
},
{
"name": "11579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11579"
},
{
"name": "10306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10306"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gnubiff.sourceforge.net/changelog.php",
"refsource" : "CONFIRM",
"url" : "http://gnubiff.sourceforge.net/changelog.php"
},
{
"name" : "11123",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11123"
},
{
"name" : "9731",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/9731"
},
{
"name" : "12445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12445"
},
{
"name" : "gnubiff-pop3-dos(17282)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11123"
},
{
"name": "http://gnubiff.sourceforge.net/changelog.php",
"refsource": "CONFIRM",
"url": "http://gnubiff.sourceforge.net/changelog.php"
},
{
"name": "12445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12445"
},
{
"name": "gnubiff-pop3-dos(17282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17282"
},
{
"name": "9731",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9731"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "164",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/164"
},
{
"name" : "9954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9954"
},
{
"name" : "11231",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11231"
},
{
"name" : "foxmail-punylib-bo(15640)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15640"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "foxmail-punylib-bo(15640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15640"
},
{
"name": "9954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9954"
},
{
"name": "164",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/164"
},
{
"name": "11231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11231"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bugzilla.org/security/2.20.5/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/2.20.5/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=415471",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=415471"
},
{
"name" : "29038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29038"
},
{
"name" : "ADV-2008-1428",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1428/references"
},
{
"name" : "1019968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019968"
},
{
"name" : "30064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30064"
},
{
"name" : "bugzilla-xmlrpc-security-bypass(42218)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42218"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29038"
},
{
"name": "1019968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019968"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=415471",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=415471"
},
{
"name": "30064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30064"
},
{
"name": "bugzilla-xmlrpc-security-bypass(42218)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42218"
},
{
"name": "http://www.bugzilla.org/security/2.20.5/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/2.20.5/"
},
{
"name": "ADV-2008-1428",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1428/references"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2105",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bugzilla.org/security/2.20.5/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/2.20.5/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=419188",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=419188"
},
{
"name" : "FEDORA-2008-3442",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html"
},
{
"name" : "FEDORA-2008-3488",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html"
},
{
"name" : "29038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29038"
},
{
"name" : "ADV-2008-1428",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1428/references"
},
{
"name" : "1019969",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019969"
},
{
"name" : "30064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30064"
},
{
"name" : "30167",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30167"
},
{
"name" : "bugzilla-emailin-security-bypass(42235)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019969",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019969"
},
{
"name": "29038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29038"
},
{
"name": "30167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30167"
},
{
"name": "FEDORA-2008-3442",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00036.html"
},
{
"name": "bugzilla-emailin-security-bypass(42235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42235"
},
{
"name": "FEDORA-2008-3488",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00098.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=419188",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=419188"
},
{
"name": "30064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30064"
},
{
"name": "http://www.bugzilla.org/security/2.20.5/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/2.20.5/"
},
{
"name": "ADV-2008-1428",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1428/references"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080524 vuln in WordPress plugin Upload File(UP)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492555/100/0/threaded"
},
{
"name" : "29352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29352"
},
{
"name" : "uploadfile-wpuploadfile-sql-injection(42659)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29352"
},
{
"name": "20080524 vuln in WordPress plugin Upload File(UP)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492555/100/0/threaded"
},
{
"name": "uploadfile-wpuploadfile-sql-injection(42659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42659"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5758",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5758"
},
{
"name" : "29595",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29595"
},
{
"name" : "galatolo-index-file-include(42923)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42923"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Galatolo WebManager (GWM) 1.0 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in (1) the plugin parameter to admin/plugins.php or (2) the com parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5758",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5758"
},
{
"name": "29595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29595"
},
{
"name": "galatolo-index-file-include(42923)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42923"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5927",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5927"
},
{
"name" : "29919",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29919"
},
{
"name" : "ADV-2008-1924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1924"
},
{
"name" : "1020358",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020358"
},
{
"name" : "30774",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30774"
},
{
"name" : "ducalendar-detail-sql-injection(43325)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43325"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ducalendar-detail-sql-injection(43325)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43325"
},
{
"name": "29919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29919"
},
{
"name": "30774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30774"
},
{
"name": "1020358",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020358"
},
{
"name": "ADV-2008-1924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1924"
},
{
"name": "5927",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5927"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0723",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-0723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc"
},
{
"name" : "IV22693",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22693"
},
{
"name" : "IV22694",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22694"
},
{
"name" : "IV22695",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22695"
},
{
"name" : "IV22696",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22696"
},
{
"name" : "IV22697",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV22697"
},
{
"name" : "1027315",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027315"
},
{
"name" : "aix-dupmsg-dos(74134)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74134"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV22696",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22696"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc"
},
{
"name": "IV22694",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22694"
},
{
"name": "IV22697",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22697"
},
{
"name": "aix-dupmsg-dos(74134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74134"
},
{
"name": "1027315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027315"
},
{
"name": "IV22695",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22695"
},
{
"name": "IV22693",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV22693"
}
]
}
}
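Review bot: The `"ASSIGNER"` value in this section changes from `cve@mitre.org` to `psirt@us.ibm.com` for CVE-2012-0723, a provenance change buried in what is otherwise a whitespace and reference-order rewrite. The same kind of change appears in the sections for CVE-2012-0770 (`psirt@adobe.com`), CVE-2012-1163 (`secalert@redhat.com`), and CVE-2012-1674 and CVE-2012-1719 (`secalert_us@oracle.com`), while the other records on the page keep `cve@mitre.org`. Since the commit title only says the data was synchronized, I would land the reformatting separately from the assigner updates, or at least name them in the description, so that anyone diffing the feed can tell a metadata change from formatting noise. The reference entries here appear to be the same eight items in a new order, so nothing else in the section looks changed in substance.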


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-0770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-06.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-06.html"
},
{
"name" : "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html",
"refsource" : "CONFIRM",
"url" : "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html"
},
{
"name" : "80008",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80008"
},
{
"name" : "1026830",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026830"
},
{
"name" : "48393",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48393"
},
{
"name" : "adobe-coldfusion-hash-dos(73955)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73955"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1026830",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026830"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-06.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-06.html"
},
{
"name": "80008",
"refsource": "OSVDB",
"url": "http://osvdb.org/80008"
},
{
"name": "48393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48393"
},
{
"name": "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html",
"refsource": "CONFIRM",
"url": "http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html"
},
{
"name": "adobe-coldfusion-hash-dos(73955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73955"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0981",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18435",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18435"
},
{
"name" : "47802",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47802"
},
{
"name" : "phpshowtime-index-directory-traversal(72824)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72824"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47802"
},
{
"name": "18435",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18435"
},
{
"name": "phpshowtime-index-directory-traversal(72824)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72824"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"refsource" : "MLIST",
"url" : "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name" : "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name" : "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name" : "http://www.nih.at/libzip/NEWS.html",
"refsource" : "CONFIRM",
"url" : "http://www.nih.at/libzip/NEWS.html"
},
{
"name" : "GLSA-201203-23",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
},
{
"name" : "MDVSA-2012:034",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers \"improper restrictions of operations within the bounds of a memory buffer\" and an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[libzip-discuss] 20120320 libzip-0.10.1 security fix release",
"refsource": "MLIST",
"url": "http://nih.at/listarchive/libzip-discuss/msg00252.html"
},
{
"name": "[oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/21/2"
},
{
"name": "MDVSA-2012:034",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:034"
},
{
"name": "http://www.nih.at/libzip/NEWS.html",
"refsource": "CONFIRM",
"url": "http://www.nih.at/libzip/NEWS.html"
},
{
"name": "[oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/11"
},
{
"name": "GLSA-201203-23",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201203-23.xml"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI, a different vulnerability than CVE-2012-0582."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "1026952",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026952"
},
{
"name" : "48885",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48885"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI, a different vulnerability than CVE-2012-0582."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48885",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48885"
},
{
"name": "1026952",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026952"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}


@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released",
"refsource" : "MLIST",
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21615246",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21615246"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBUX02805",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
},
{
"name" : "SSRT100919",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
},
{
"name" : "MDVSA-2012:095",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095"
},
{
"name" : "RHSA-2012:1243",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1243.html"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "RHSA-2013:1456",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name" : "RHSA-2012:0734",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0734.html"
},
{
"name" : "SUSE-SU-2012:1231",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
},
{
"name" : "SUSE-SU-2012:1177",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html"
},
{
"name" : "SUSE-SU-2012:1265",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html"
},
{
"name" : "SUSE-SU-2012:1204",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html"
},
{
"name" : "53950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53950"
},
{
"name" : "oval:org.mitre.oval:def:16312",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16312"
},
{
"name" : "50659",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50659"
},
{
"name" : "51080",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:1265",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "SUSE-SU-2012:1177",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00020.html"
},
{
"name": "SUSE-SU-2012:1231",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
},
{
"name": "RHSA-2012:0734",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0734.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
},
{
"name": "RHSA-2012:1243",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1243.html"
},
{
"name": "53950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53950"
},
{
"name": "[OpenJDK] 20120612 IcedTea6 1.10.8 & 1.11.3 Released",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-June/019076.html"
},
{
"name": "50659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50659"
},
{
"name": "SSRT100919",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
},
{
"name": "SUSE-SU-2012:1204",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00028.html"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "oval:org.mitre.oval:def:16312",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16312"
},
{
"name": "MDVSA-2012:095",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:095"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21615246",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21615246"
},
{
"name": "51080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51080"
},
{
"name": "HPSBUX02805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121017 Multiple vulnerabilities in AContent",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23117",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23117"
},
{
"name" : "http://update.atutor.ca/acontent/patch/1_2/",
"refsource" : "CONFIRM",
"url" : "http://update.atutor.ca/acontent/patch/1_2/"
},
{
"name" : "56100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56100"
},
{
"name" : "86428",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86428"
},
{
"name" : "51014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51014"
},
{
"name" : "51034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51034"
},
{
"name" : "acontent-indexinlineeditorsubmit-sec-bypass(79462)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79462"
},
{
"name" : "acontent-pwd-field-security-bypass(79461)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79461"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51014"
},
{
"name": "86428",
"refsource": "OSVDB",
"url": "http://osvdb.org/86428"
},
{
"name": "56100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56100"
},
{
"name": "20121017 Multiple vulnerabilities in AContent",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0095.html"
},
{
"name": "http://update.atutor.ca/acontent/patch/1_2/",
"refsource": "CONFIRM",
"url": "http://update.atutor.ca/acontent/patch/1_2/"
},
{
"name": "acontent-pwd-field-security-bypass(79461)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79461"
},
{
"name": "acontent-indexinlineeditorsubmit-sec-bypass(79462)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79462"
},
{
"name": "51034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51034"
},
{
"name": "https://www.htbridge.com/advisory/HTB23117",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23117"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB23117",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23117"
},
{
"name" : "56237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56237"
},
{
"name" : "86424",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86424"
},
{
"name" : "51034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56237"
},
{
"name": "51034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51034"
},
{
"name": "https://www.htbridge.com/advisory/HTB23117",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23117"
},
{
"name": "86424",
"refsource": "OSVDB",
"url": "http://osvdb.org/86424"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name" : "https://bugs.launchpad.net/zope2/+bug/1079238",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/zope2/+bug/1079238"
},
{
"name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name" : "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource" : "CONFIRM",
"url" : "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"name" : "https://plone.org/products/plone/security/advisories/20121106/05",
"refsource" : "CONFIRM",
"url" : "https://plone.org/products/plone/security/advisories/20121106/05"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "CONFIRM",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/05",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone/security/advisories/20121106/05"
},
{
"name": "https://bugs.launchpad.net/zope2/+bug/1079238",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/zope2/+bug/1079238"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
}
]
}
}
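Review bot: The `ASSIGNER` value in this record appears to change from `cve@mitre.org` to `secalert@redhat.com`, the one substantive edit in a section that is otherwise whitespace and reference reordering. A bulk reformat makes that easy to miss for anyone who attributes or filters records by assigning CNA, so it deserves a line in the commit message or a commit of its own. Separately, the description's range `3.13.x before 2.13.11` is internally inconsistent and likely meant `2.13.x before 2.13.11`; confirm against the referenced Zope/Plone advisories before correcting it. Until then, tooling that derives affected versions from the description text should not rely on that range as written.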


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-11284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Vulnerable 3rd Party Library"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-11284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.",
"version": {
"version_data": [
{
"version_value": "Adobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html"
},
{
"name" : "100708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100708"
},
{
"name" : "1039321",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Vulnerable 3rd Party Library"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb17-30.html"
},
{
"name": "1039321",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039321"
},
{
"name": "100708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100708"
}
]
}
}


@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-11-14T00:00:00",
"ID" : "CVE-2017-11876",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Server",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Project Server 2013, Microsoft SharePoint Enterprise Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka \"Microsoft Project Server Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Server",
"version": {
"version_data": [
{
"version_value": "Microsoft Project Server 2013, Microsoft SharePoint Enterprise Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876"
},
{
"name" : "101754",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101754"
},
{
"name" : "1039788",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039788"
},
{
"name" : "1039789",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka \"Microsoft Project Server Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039789",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039789"
},
{
"name": "1039788",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039788"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11876"
},
{
"name": "101754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101754"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-3108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Experience Manager",
"version" : {
"version_data" : [
{
"version_value" : "AEM 6.2 and earlier"
}
]
}
}
]
},
"vendor_name" : "Adobe Systems Incorporated"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Malicious file execution"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-3108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Experience Manager",
"version": {
"version_data": [
{
"version_value": "AEM 6.2 and earlier"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html"
},
{
"name" : "100195",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100195"
},
{
"name" : "1039099",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039099"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Malicious file execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100195"
},
{
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html"
},
{
"name": "1039099",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039099"
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-3110",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Experience Manager",
"version" : {
"version_data" : [
{
"version_value" : "AEM 6.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Adobe Systems Incorporated"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Sensitive Data Exposure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-3110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Experience Manager",
"version": {
"version_data": [
{
"version_value": "AEM 6.1 and earlier"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html"
},
{
"name" : "100192",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100192"
},
{
"name" : "1039099",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039099"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive Data Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100192"
},
{
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb17-26.html"
},
{
"name": "1039099",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039099"
}
]
}
}


@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2017-05-07T00:00:00",
"ID" : "CVE-2017-3150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Atlas",
"version" : {
"version_data" : [
{
"version_value" : "0.6.0-incubating"
},
{
"version_value" : "0.7.0-incubating"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of insecure cookies"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-05-07T00:00:00",
"ID": "CVE-2017-3150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Atlas",
"version": {
"version_data": [
{
"version_value": "0.6.0-incubating"
},
{
"version_value": "0.7.0-incubating"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
},
{
"name" : "100536",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100536"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of insecure cookies"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[dev] 20170507 CVE updates: fixes in Apache Atlas 0.7.1-incubating",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/4a4fef91e067fd0d9da569e30867c1fa65e2a0520acde71ddefee0ea@%3Cdev.atlas.apache.org%3E"
},
{
"name": "100536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100536"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ASUS PCE-AC56 WLAN Card Utilities",
"version" : {
"version_data" : [
{
"version_value" : "Unknown"
}
]
}
}
]
},
"vendor_name" : "Printing Communications Assoc., Inc. (PCAUSA)"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASUS PCE-AC56 WLAN Card Utilities",
"version": {
"version_data": [
{
"version_value": "Unknown"
}
]
}
}
]
},
"vendor_name": "Printing Communications Assoc., Inc. (PCAUSA)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.rewolf.pl/blog/?p=1778",
"refsource" : "MISC",
"url" : "http://blog.rewolf.pl/blog/?p=1778"
},
{
"name" : "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/",
"refsource" : "MISC",
"url" : "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
},
{
"name" : "VU#600671",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/600671"
},
{
"name" : "96993",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96993/discuss"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.rewolf.pl/blog/?p=1778",
"refsource": "MISC",
"url": "http://blog.rewolf.pl/blog/?p=1778"
},
{
"name": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/",
"refsource": "MISC",
"url": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
},
{
"name": "VU#600671",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/600671"
},
{
"name": "96993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96993/discuss"
}
]
}
}


@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3269",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_value" : "8.5.2"
},
{
"version_value" : "8.5.3"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_value": "8.5.2"
},
{
"version_value": "8.5.3"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95524",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95524"
},
{
"name" : "1037631",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037631"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037631"
},
{
"name": "95524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95524"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}


@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "5.5.54 and earlier"
},
{
"version_affected" : "=",
"version_value" : "5.6.35 and earlier"
},
{
"version_affected" : "=",
"version_value" : "5.7.17 and earlier"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.5.54 and earlier"
},
{
"version_affected": "=",
"version_value": "5.6.35 and earlier"
},
{
"version_affected": "=",
"version_value": "5.7.17 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "DSA-3834",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3834"
},
{
"name" : "RHSA-2017:2886",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name" : "RHSA-2017:2787",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name" : "97851",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97851"
},
{
"name" : "1038287",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038287"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "1038287",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038287"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "97851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97851"
},
{
"name": "DSA-3834",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3834"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207600",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207600"
},
{
"name" : "100613",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100613"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100613"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208112",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208112"
},
{
"name" : "https://support.apple.com/HT208113",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208113"
},
{
"name" : "https://support.apple.com/HT208116",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208116"
},
{
"name" : "https://support.apple.com/HT208141",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208141"
},
{
"name" : "https://support.apple.com/HT208142",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208142"
},
{
"name" : "100994",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100994"
},
{
"name" : "1039384",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039384"
},
{
"name" : "1039428",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039428"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100994"
},
{
"name": "https://support.apple.com/HT208141",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208141"
},
{
"name": "1039384",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039384"
},
{
"name": "https://support.apple.com/HT208142",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208142"
},
{
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "1039428",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039428"
},
{
"name": "https://support.apple.com/HT208116",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208116"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fortiguard.com/advisory/FG-VD-17-021",
"refsource" : "MISC",
"url" : "http://www.fortiguard.com/advisory/FG-VD-17-021"
},
{
"name" : "https://github.com/MISP/MISP/commit/3630a8b1e1cd99862867fe72ffa1ff51e4d9c09f",
"refsource" : "CONFIRM",
"url" : "https://github.com/MISP/MISP/commit/3630a8b1e1cd99862867fe72ffa1ff51e4d9c09f"
},
{
"name" : "https://github.com/MISP/MISP/commit/599b3638384bfe49fa527bcb060f3f608a296996",
"refsource" : "CONFIRM",
"url" : "https://github.com/MISP/MISP/commit/599b3638384bfe49fa527bcb060f3f608a296996"
},
{
"name" : "https://www.misp.software/2017/03/10/MISP.2.4.69.released.html",
"refsource" : "CONFIRM",
"url" : "https://www.misp.software/2017/03/10/MISP.2.4.69.released.html"
},
{
"name" : "https://www.misp.software/Changelog.txt",
"refsource" : "CONFIRM",
"url" : "https://www.misp.software/Changelog.txt"
},
{
"name" : "96997",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96997"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96997"
},
{
"name": "https://www.misp.software/Changelog.txt",
"refsource": "CONFIRM",
"url": "https://www.misp.software/Changelog.txt"
},
{
"name": "http://www.fortiguard.com/advisory/FG-VD-17-021",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FG-VD-17-021"
},
{
"name": "https://www.misp.software/2017/03/10/MISP.2.4.69.released.html",
"refsource": "CONFIRM",
"url": "https://www.misp.software/2017/03/10/MISP.2.4.69.released.html"
},
{
"name": "https://github.com/MISP/MISP/commit/3630a8b1e1cd99862867fe72ffa1ff51e4d9c09f",
"refsource": "CONFIRM",
"url": "https://github.com/MISP/MISP/commit/3630a8b1e1cd99862867fe72ffa1ff51e4d9c09f"
},
{
"name": "https://github.com/MISP/MISP/commit/599b3638384bfe49fa527bcb060f3f608a296996",
"refsource": "CONFIRM",
"url": "https://github.com/MISP/MISP/commit/599b3638384bfe49fa527bcb060f3f608a296996"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7563",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-3",
"refsource" : "CONFIRM",
"url" : "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two bits)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-3",
"refsource": "CONFIRM",
"url": "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-3"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-8277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "100658",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100658"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100658"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/448",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/448"
},
{
"name" : "DSA-3863",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3863"
},
{
"name" : "98371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98371"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98371"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/448",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/448"
},
{
"name": "DSA-3863",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3863"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/05/03/2"
},
{
"name" : "[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html"
},
{
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name" : "GLSA-201706-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-03"
},
{
"name" : "RHSA-2017:2408",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name" : "98277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98277"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the keyboard input event handlers support in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption) by rapidly generating large keyboard events."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name": "[qemu-devel] 20170428 [PATCH] input: limit kbd queue depth",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html"
},
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170503 CVE-2017-8379 Qemu: input: host memory lekage via keyboard",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/05/03/2"
},
{
"name": "RHSA-2017:2408",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2408"
},
{
"name": "98277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98277"
}
]
}
}


@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-09-12T00:00:00",
"ID" : "CVE-2017-8678",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows kernel",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows kernel",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42750",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42750/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678"
},
{
"name" : "100769",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100769"
},
{
"name" : "1039325",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039325"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42750",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42750/"
},
{
"name": "100769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100769"
},
{
"name": "1039325",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039325"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8678"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8933",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/862570",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/862570"
},
{
"name" : "https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commit;h=56f66684592abf257c4004e6e1fff041c64a12ce",
"refsource" : "CONFIRM",
"url" : "https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commit;h=56f66684592abf257c4004e6e1fff041c64a12ce"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/862570",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/862570"
},
{
"name": "https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commit;h=56f66684592abf257c4004e6e1fff041c64a12ce",
"refsource": "CONFIRM",
"url": "https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commit;h=56f66684592abf257c4004e6e1fff041c64a12ce"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10007",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10007",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10763",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45386",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45386/"
},
{
"name" : "http://packetstormsecurity.com/files/149324/SynaMan-4.0-Build-1488-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149324/SynaMan-4.0-Build-1488-Cross-Site-Scripting.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45386",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45386/"
},
{
"name": "http://packetstormsecurity.com/files/149324/SynaMan-4.0-Build-1488-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149324/SynaMan-4.0-Build-1488-Cross-Site-Scripting.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10797",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10797",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-10852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "sssd",
"version" : {
"version_data" : [
{
"version_value" : "SSSD 1.16.3"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sssd",
"version": {
"version_data": [
{
"version_value": "SSSD 1.16.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180716 [SECURITY] [DLA 1429-1] sssd security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
},
{
"name" : "RHSA-2018:3158",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3158"
},
{
"name" : "104547",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104547"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180716 [SECURITY] [DLA 1429-1] sssd security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"
},
{
"name": "RHSA-2018:3158",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3158"
},
{
"name": "104547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104547"
}
]
}
}
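Review bot: The `vectorString` under `impact.cvss` on the new side is `3.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N`, which puts the base score in front of the vector, so a consumer that validates the string against the CVSS v3.0 `CVSS:3.0/` prefix will reject it or lose the score. Carry the two values separately, `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"` and `"baseScore": 3.8`, and keep `cvss` as a flat array of objects rather than an array inside an array. The `affects` block also lists `"version_value": "SSSD 1.16.3"` while the description says versions before 1.16.3 are affected, so tooling that matches on `version_value` would presumably flag the fixed release and miss the vulnerable ones; a value such as `before 1.16.3` would agree with the description.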


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10899",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10899",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13155",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for GEMCHAIN (GEM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13288",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13288",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFC",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFC"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for GFC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFC",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GFC"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13971",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13971",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17239",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17239",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17285",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17285",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17625",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.1.0.5096"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6438."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-17625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.1.0.5096"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1094/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1094/"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval() method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6438."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1094/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1094/"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9632",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9632",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9714",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9714",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}