admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:36:22 +00:00
parent 5d891dbe40
commit e040876457
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3738 additions and 3738 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2003/0xxx/CVE-2003-0060.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0060", "ID": "CVE-2003-0060",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt" "lang": "eng",
}, "value": "Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names."
{ }
"name" : "CLSA-2003:639", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#787523", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/787523" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "6712", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/6712" ]
}, },
{ "references": {
"name" : "kerberos-kdc-format-string(11189)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11189" "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt",
}, "refsource": "CONFIRM",
{ "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt"
"name" : "4879", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4879" "name": "CLSA-2003:639",
} "refsource": "CONECTIVA",
] "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639"
} },
} {
"name": "6712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6712"
},
{
"name": "VU#787523",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/787523"
},
{
"name": "kerberos-kdc-format-string(11189)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11189"
},
{
"name": "4879",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4879"
}
]
}
}

120
2003/0xxx/CVE-2003-0126.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0126", "ID": "CVE-2003-0126",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default \"admin\" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt" "lang": "eng",
} "value": "The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default \"admin\" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.krusesecurity.dk/advisories/routefind550bof.txt",
"refsource": "MISC",
"url": "http://www.krusesecurity.dk/advisories/routefind550bof.txt"
}
]
}
}

210
2003/0xxx/CVE-2003-0446.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0446", "ID": "CVE-2003-0446",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105585986015421&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message."
{ }
"name" : "20030617 Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=105595990924165&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20030617 Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", ]
"refsource" : "NTBUGTRAQ", }
"url" : "http://marc.info/?l=ntbugtraq&m=105585001905002&w=2" ]
}, },
{ "references": {
"name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)", "reference_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html" "name": "ie-msxml-xss(12334)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12334"
"name" : "http://security.greymagic.com/adv/gm013-ie/", },
"refsource" : "MISC", {
"url" : "http://security.greymagic.com/adv/gm013-ie/" "name": "20030617 Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=105595990924165&w=2"
"name" : "7938", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/7938" "name": "3065",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/3065"
"name" : "3065", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3065" "name": "20030617 Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html"
"name" : "9055", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/9055" "name": "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html"
"name" : "ie-msxml-xss(12334)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12334" "name": "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)",
} "refsource": "NTBUGTRAQ",
] "url": "http://marc.info/?l=ntbugtraq&m=105585001905002&w=2"
} },
} {
"name": "7938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7938"
},
{
"name": "9055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9055"
},
{
"name": "http://security.greymagic.com/adv/gm013-ie/",
"refsource": "MISC",
"url": "http://security.greymagic.com/adv/gm013-ie/"
},
{
"name": "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105585986015421&w=2"
}
]
}
}

180
2003/0xxx/CVE-2003-0530.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0530", "ID": "CVE-2003-0530",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS03-032", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" "lang": "eng",
}, "value": "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code."
{ }
"name" : "CA-2003-22", ]
"refsource" : "CERT", },
"url" : "http://www.cert.org/advisories/CA-2003-22.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#548964", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/548964" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8454", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/8454" ]
}, },
{ "references": {
"name" : "1007538", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1007538" "name": "9580",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/9580"
"name" : "9580", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/9580" "name": "ie-br549-activex-bo(12962)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962"
"name" : "ie-br549-activex-bo(12962)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962" "name": "CA-2003-22",
} "refsource": "CERT",
] "url": "http://www.cert.org/advisories/CA-2003-22.html"
} },
} {
"name": "VU#548964",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/548964"
},
{
"name": "MS03-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name": "8454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8454"
},
{
"name": "1007538",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007538"
}
]
}
}

34
2003/0xxx/CVE-2003-0691.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2003-0691", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2003-0691",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none."
} }
] ]
} }
} }

140
2003/1xxx/CVE-2003-1373.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1373", "ID": "CVE-2003-1373",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030220 phpBB Security Bugs", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php."
{ }
"name" : "phpbb-auth-read-files(11407)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "6889", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6889" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "6889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6889"
},
{
"name": "20030220 phpBB Security Bugs",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html"
},
{
"name": "phpbb-auth-read-files(11407)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407"
}
]
}
}

34
2004/0xxx/CVE-2004-0585.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2004-0585", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2004-0585",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0589. Reason: This candidate is a duplicate of CVE-2004-0589. Notes: All CVE users should reference CVE-2004-0589 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0589. Reason: This candidate is a duplicate of CVE-2004-0589. Notes: All CVE users should reference CVE-2004-0589 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

170
2004/2xxx/CVE-2004-2491.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2491", "ID": "CVE-2004-2491",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040726 Opera 7.53 (Build 3850) Address Bar Spoofing Issue", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html" "lang": "eng",
}, "value": "A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks."
{ }
"name" : "http://www.opera.com/windows/changelogs/754/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.opera.com/windows/changelogs/754/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10810", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10810" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8317", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/8317" ]
}, },
{ "references": {
"name" : "12162", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12162" "name": "opera-addressbar-spoofing(16816)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16816"
"name" : "opera-addressbar-spoofing(16816)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16816" "name": "20040726 Opera 7.53 (Build 3850) Address Bar Spoofing Issue",
} "refsource": "FULLDISC",
] "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1056.html"
} },
} {
"name": "12162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12162"
},
{
"name": "http://www.opera.com/windows/changelogs/754/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/windows/changelogs/754/"
},
{
"name": "8317",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8317"
},
{
"name": "10810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10810"
}
]
}
}

130
2004/2xxx/CVE-2004-2711.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2711", "ID": "CVE-2004-2711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"avatar retrieval.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php" "lang": "eng",
}, "value": "Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to \"avatar retrieval.\""
{ }
"name" : "8972", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/8972" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php"
},
{
"name": "8972",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8972"
}
]
}
}

160
2004/2xxx/CVE-2004-2723.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2723", "ID": "CVE-2004-2723",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040327 NessusWX stores credentials in plain text", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2004/Mar/1343.html" "lang": "eng",
}, "value": "NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords."
{ }
"name" : "9993", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9993" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4814", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4814" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1009577", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1009577" ]
}, },
{ "references": {
"name" : "nessuswx-sessionfiles-plaintext-password(15641)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15641" "name": "4814",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/4814"
} },
} {
"name": "9993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9993"
},
{
"name": "20040327 NessusWX stores credentials in plain text",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2004/Mar/1343.html"
},
{
"name": "1009577",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009577"
},
{
"name": "nessuswx-sessionfiles-plaintext-password(15641)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15641"
}
]
}
}

170
2004/2xxx/CVE-2004-2724.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2724", "ID": "CVE-2004-2724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040827 DoS in Chat Anywhere 2.72a", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1183.html" "lang": "eng",
}, "value": "LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character."
{ }
"name" : "http://www.autistici.org/fdonato/advisory/ChatAnywhere2.72a-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://www.autistici.org/fdonato/advisory/ChatAnywhere2.72a-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9275", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/9275" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1011080", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1011080" ]
}, },
{ "references": {
"name" : "12398", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12398" "name": "chat-anywhere-username-dos(17148)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17148"
"name" : "chat-anywhere-username-dos(17148)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17148" "name": "http://www.autistici.org/fdonato/advisory/ChatAnywhere2.72a-adv.txt",
} "refsource": "MISC",
] "url": "http://www.autistici.org/fdonato/advisory/ChatAnywhere2.72a-adv.txt"
} },
} {
"name": "1011080",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011080"
},
{
"name": "9275",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9275"
},
{
"name": "12398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12398"
},
{
"name": "20040827 DoS in Chat Anywhere 2.72a",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1183.html"
}
]
}
}

190
2008/2xxx/CVE-2008-2247.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-2247", "ID": "CVE-2008-2247",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS08-039", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-039" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248."
{ }
"name" : "TA08-190A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-190A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30130", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30130" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:5354", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5354" ]
}, },
{ "references": {
"name" : "ADV-2008-2021", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2021/references" "name": "ADV-2008-2021",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2021/references"
"name" : "1020439", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020439" "name": "exchange-owa-email-fields-xss(43328)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43328"
"name" : "30964", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30964" "name": "1020439",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020439"
"name" : "exchange-owa-email-fields-xss(43328)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43328" "name": "30130",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/30130"
} },
} {
"name": "oval:org.mitre.oval:def:5354",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5354"
},
{
"name": "MS08-039",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-039"
},
{
"name": "30964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30964"
},
{
"name": "TA08-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-190A.html"
}
]
}
}

350
2008/2xxx/CVE-2008-2316.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2316", "ID": "CVE-2008-2316",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to \"partial hashlib hashing of data exceeding 4GB.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080813 rPSA-2008-0243-1 idle python", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495445/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to \"partial hashlib hashing of data exceeding 4GB.\""
{ }
"name" : "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=230640", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=230640" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0243", ]
"refsource" : "CONFIRM", }
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0243" ]
}, },
{ "references": {
"name" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900" "name": "20080813 rPSA-2008-0243-1 idle python",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/495445/100/0/threaded"
"name" : "http://support.apple.com/kb/HT3438", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3438" "name": "SUSE-SR:2008:017",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
"name" : "APPLE-SA-2009-02-12", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" "name": "ADV-2008-2288",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2288"
"name" : "GLSA-200807-16", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200807-16.xml" "name": "python-multiple-bo(44173)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44173"
"name" : "MDVSA-2008:163", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163" "name": "30491",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30491"
"name" : "SSA:2008-217-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289" "name": "33937",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33937"
"name" : "SUSE-SR:2008:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" "name": "31687",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31687"
"name" : "USN-632-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-632-1" "name": "GLSA-200807-16",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200807-16.xml"
"name" : "30491", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30491" "name": "http://support.apple.com/kb/HT3438",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3438"
"name" : "ADV-2008-2288", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2288" "name": "APPLE-SA-2009-02-12",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
"name" : "31358", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31358" "name": "31358",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31358"
"name" : "31305", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31305" "name": "31332",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31332"
"name" : "31332", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31332" "name": "USN-632-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-632-1"
"name" : "31365", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31365" "name": "31518",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31518"
"name" : "31518", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31518" "name": "python-hashlib-overflow(44174)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44174"
"name" : "31687", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31687" "name": "31305",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31305"
"name" : "31473", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31473" "name": "http://bugs.gentoo.org/show_bug.cgi?id=230640",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.gentoo.org/show_bug.cgi?id=230640"
"name" : "33937", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33937" "name": "31365",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31365"
"name" : "python-hashlib-overflow(44174)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44174" "name": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900",
}, "refsource": "CONFIRM",
{ "url": "http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900"
"name" : "python-multiple-bo(44173)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44173" "name": "31473",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31473"
} },
} {
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0243",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0243"
},
{
"name": "MDVSA-2008:163",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:163"
},
{
"name": "SSA:2008-217-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.525289"
},
{
"name": "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/attachment.cgi?id=159422&action=view"
}
]
}
}

580
2008/2xxx/CVE-2008-2360.json
View File

@ -1,292 +1,292 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-2360", "ID": "CVE-2008-2360",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718" "lang": "eng",
}, "value": "Integer overflow in the AllocateGlyph function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to execute arbitrary code via unspecified request fields that are used to calculate a heap buffer size, which triggers a heap-based buffer overflow."
{ }
"name" : "20080620 rPSA-2008-0200-1 xorg-server", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/493548/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493550/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions", ]
"refsource" : "MLIST", }
"url" : "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html" ]
}, },
{ "references": {
"name" : "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff" "name": "https://issues.rpath.com/browse/RPL-2607",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2607"
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201" "name": "30629",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30629"
"name" : "https://issues.rpath.com/browse/RPL-2607", },
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-2607" "name": "oval:org.mitre.oval:def:9329",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329"
"name" : "https://issues.rpath.com/browse/RPL-2619", },
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-2619" "name": "238686",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm" "name": "33937",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33937"
"name" : "http://support.apple.com/kb/HT3438", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3438" "name": "30664",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30664"
"name" : "APPLE-SA-2009-02-12", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" "name": "MDVSA-2008:115",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115"
"name" : "DSA-1595", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1595" "name": "20080621 rPSA-2008-0201-1 xorg-x11 xorg-x11-fonts xorg-x11-tools xorg-x11-xfs",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/493550/100/0/threaded"
"name" : "GLSA-200806-07", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200806-07.xml" "name": "31025",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31025"
"name" : "GLSA-200807-07", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml" "name": "20080611 Multiple Vendor X Server Render Extension AllocateGlyph() Integer Overflow Vulnerability",
}, "refsource": "IDEFENSE",
{ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=718"
"name" : "MDVSA-2008:116", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116" "name": "RHSA-2008:0502",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2008-0502.html"
"name" : "MDVSA-2008:115", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:115" "name": "http://support.apple.com/kb/HT3438",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3438"
"name" : "MDVSA-2008:179", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179" "name": "APPLE-SA-2009-02-12",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
"name" : "RHSA-2008:0502", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0502.html" "name": "ADV-2008-1833",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1833"
"name" : "RHSA-2008:0504", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0504.html" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0201"
"name" : "RHSA-2008:0512", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0512.html" "name": "GLSA-200806-07",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200806-07.xml"
"name" : "RHSA-2008:0503", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0503.html" "name": "30715",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30715"
"name" : "238686", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1" "name": "30666",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30666"
"name" : "SUSE-SA:2008:027", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html" "name": "30627",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30627"
"name" : "SUSE-SR:2008:019", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html" "name": "30637",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30637"
"name" : "USN-616-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-616-1" "name": "MDVSA-2008:116",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:116"
"name" : "oval:org.mitre.oval:def:9329", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9329" "name": "ADV-2008-1803",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1803"
"name" : "ADV-2008-1803", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1803" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-249.htm"
"name" : "ADV-2008-1833", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1833" "name": "SUSE-SA:2008:027",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html"
"name" : "ADV-2008-1983", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1983/references" "name": "1020243",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1020243"
"name" : "1020243", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020243" "name": "30772",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30772"
"name" : "30627", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30627" "name": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff",
}, "refsource": "CONFIRM",
{ "url": "ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2360.diff"
"name" : "30628", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30628" "name": "RHSA-2008:0503",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0503.html"
"name" : "30629", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30629" "name": "30628",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30628"
"name" : "30630", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30630" "name": "30659",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30659"
"name" : "30637", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30637" "name": "31109",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31109"
"name" : "30659", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30659" "name": "ADV-2008-1983",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1983/references"
"name" : "30664", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30664" "name": "30671",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30671"
"name" : "30666", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30666" "name": "30809",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30809"
"name" : "30671", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30671" "name": "MDVSA-2008:179",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:179"
"name" : "30715", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30715" "name": "[xorg] 20080611 X.Org security advisory june 2008 - Multiple vulnerabilities in X server extensions",
}, "refsource": "MLIST",
{ "url": "http://lists.freedesktop.org/archives/xorg/2008-June/036026.html"
"name" : "30772", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30772" "name": "RHSA-2008:0504",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2008-0504.html"
"name" : "30809", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30809" "name": "30843",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30843"
"name" : "30843", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30843" "name": "DSA-1595",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1595"
"name" : "31109", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31109" "name": "USN-616-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-616-1"
"name" : "32099", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32099" "name": "32099",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32099"
"name" : "31025", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31025" "name": "https://issues.rpath.com/browse/RPL-2619",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2619"
"name" : "33937", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33937" "name": "SUSE-SR:2008:019",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
} },
} {
"name": "RHSA-2008:0512",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0512.html"
},
{
"name": "20080620 rPSA-2008-0200-1 xorg-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493548/100/0/threaded"
},
{
"name": "30630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30630"
},
{
"name": "GLSA-200807-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200807-07.xml"
}
]
}
}

320
2008/2xxx/CVE-2008-2540.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2540", "ID": "CVE-2008-2540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a \"Carpet Bomb\" and a \"Blended Threat Elevation of Privilege Vulnerability,\" a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx", "description_data": [
"refsource" : "MISC", {
"url" : "http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx" "lang": "eng",
}, "value": "Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a \"Carpet Bomb\" and a \"Blended Threat Elevation of Privilege Vulnerability,\" a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X."
{ }
"name" : "http://blogs.zdnet.com/security/?p=1230", ]
"refsource" : "MISC", },
"url" : "http://blogs.zdnet.com/security/?p=1230" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.microsoft.com/technet/security/advisory/953818.mspx", ]
"refsource" : "MISC", }
"url" : "http://www.microsoft.com/technet/security/advisory/953818.mspx" ]
}, },
{ "references": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm" "name": "30467",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30467"
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138", },
"refsource" : "CONFIRM", {
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138" "name": "ADV-2009-1028",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1028"
"name" : "APPLE-SA-2008-06-19", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html" "name": "1022047",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022047"
"name" : "MS09-014", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014" "name": "1020150",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1020150"
"name" : "MS09-015", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015" "name": "29445",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29445"
"name" : "TA09-104A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-104A.html" "name": "http://www.microsoft.com/technet/security/advisory/953818.mspx",
}, "refsource": "MISC",
{ "url": "http://www.microsoft.com/technet/security/advisory/953818.mspx"
"name" : "29445", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29445" "name": "ADV-2009-1029",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1029"
"name" : "oval:org.mitre.oval:def:5782", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782" "name": "TA09-104A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
"name" : "oval:org.mitre.oval:def:6108", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108" "name": "oval:org.mitre.oval:def:8509",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509"
"name" : "oval:org.mitre.oval:def:8509", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509" "name": "http://blogs.zdnet.com/security/?p=1230",
}, "refsource": "MISC",
{ "url": "http://blogs.zdnet.com/security/?p=1230"
"name" : "1022047", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022047" "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138",
}, "refsource": "CONFIRM",
{ "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138"
"name" : "1020150", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020150" "name": "MS09-014",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
"name" : "30467", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30467" "name": "http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html",
}, "refsource": "MISC",
{ "url": "http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html"
"name" : "ADV-2008-1706", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1706" "name": "APPLE-SA-2008-06-19",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html"
"name" : "ADV-2009-1028", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1028" "name": "http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx",
}, "refsource": "MISC",
{ "url": "http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx"
"name" : "ADV-2009-1029", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1029" "name": "oval:org.mitre.oval:def:5782",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782"
"name" : "apple-safari-windows-code-execution(42765)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42765" "name": "apple-safari-windows-code-execution(42765)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42765"
} },
} {
"name": "MS09-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015"
},
{
"name": "oval:org.mitre.oval:def:6108",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
},
{
"name": "ADV-2008-1706",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1706"
}
]
}
}

150
2008/2xxx/CVE-2008-2888.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2888", "ID": "CVE-2008-2888",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5901", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5901" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/."
{ }
"name" : "29874", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29874" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30770", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30770" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "migcms-globals-file-include(43250)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43250" ]
} },
] "references": {
} "reference_data": [
} {
"name": "30770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30770"
},
{
"name": "5901",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5901"
},
{
"name": "migcms-globals-file-include(43250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43250"
},
{
"name": "29874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29874"
}
]
}
}

150
2012/1xxx/CVE-2012-1085.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1085", "ID": "CVE-2012-1085",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", "description_data": [
"refsource" : "MISC", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" "lang": "eng",
}, "value": "Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors."
{ }
"name" : "51852", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51852" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "78799", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/78799" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "typo3-beuserswitch-unspec-info-disclosure(72973)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72973" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51852"
},
{
"name": "78799",
"refsource": "OSVDB",
"url": "http://osvdb.org/78799"
},
{
"name": "typo3-beuserswitch-unspec-info-disclosure(72973)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72973"
}
]
}
}

240
2012/1xxx/CVE-2012-1183.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1183", "ID": "CVE-2012-1183",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120315 AST-2012-002: Remote Crash Vulnerability in Milliwatt Application", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html" "lang": "eng",
}, "value": "Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet."
{ }
"name" : "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/03/16/10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/03/16/17" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff", ]
"refsource" : "CONFIRM", }
"url" : "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff" ]
}, },
{ "references": {
"name" : "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf" "name": "DSA-2460",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2460"
"name" : "http://www.asterisk.org/node/51797", },
"refsource" : "CONFIRM", {
"url" : "http://www.asterisk.org/node/51797" "name": "[oss-security] 20120316 Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/03/16/17"
"name" : "DSA-2460", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2460" "name": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://downloads.asterisk.org/pub/security/AST-2012-002.pdf"
"name" : "52523", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52523" "name": "20120315 AST-2012-002: Remote Crash Vulnerability in Milliwatt Application",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0069.html"
"name" : "80125", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80125" "name": "80125",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/80125"
"name" : "1026812", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1026812" "name": "52523",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52523"
"name" : "48417", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48417" "name": "48941",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48941"
"name" : "48941", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48941" "name": "http://www.asterisk.org/node/51797",
}, "refsource": "CONFIRM",
{ "url": "http://www.asterisk.org/node/51797"
"name" : "asterisk-milliwattgenerate-dos(74082)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082" "name": "48417",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48417"
} },
} {
"name": "asterisk-milliwattgenerate-dos(74082)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74082"
},
{
"name": "[oss-security] 20120316 CVE Request -- Asterisk: AST-2012-002 and AST-2012-003 flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/16/10"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff"
},
{
"name": "1026812",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026812"
}
]
}
}

34
2012/1xxx/CVE-2012-1278.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1278", "ID": "CVE-2012-1278",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/1xxx/CVE-2012-1309.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1309", "ID": "CVE-2012-1309",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/1xxx/CVE-2012-1500.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1500", "ID": "CVE-2012-1500",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2012/1xxx/CVE-2012-1943.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1943", "ID": "CVE-2012-1943",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html" "lang": "eng",
}, "value": "Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=750850", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=750850" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2012:0746", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:16924", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16924" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=750850",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=750850"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-35.html"
},
{
"name": "SUSE-SU-2012:0746",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
},
{
"name": "oval:org.mitre.oval:def:16924",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16924"
}
]
}
}

34
2012/5xxx/CVE-2012-5011.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5011", "ID": "CVE-2012-5011",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2012/5xxx/CVE-2012-5057.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5057", "ID": "CVE-2012-5057",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://owncloud.org/about/security/advisories/CVE-2012-5057/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://owncloud.org/about/security/advisories/CVE-2012-5057/" "lang": "eng",
} "value": "CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/CVE-2012-5057/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5057/"
}
]
}
}

170
2012/5xxx/CVE-2012-5350.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5350", "ID": "CVE-2012-5350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18330", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18330" "lang": "eng",
}, "value": "SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode."
{ }
"name" : "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/", ]
"refsource" : "CONFIRM", },
"url" : "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "51308", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51308" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "78204", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/78204" ]
}, },
{ "references": {
"name" : "47475", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47475" "name": "78204",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/78204"
"name" : "paywithtweet-postpage-sql-injection(72165)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72165" "name": "51308",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/51308"
} },
} {
"name": "18330",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18330"
},
{
"name": "paywithtweet-postpage-sql-injection(72165)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72165"
},
{
"name": "47475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47475"
},
{
"name": "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/"
}
]
}
}

160
2012/5xxx/CVE-2012-5499.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-5499", "ID": "CVE-2012-5499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" "lang": "eng",
}, "value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns."
{ }
"name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://plone.org/products/plone-hotfix/releases/20121106", "description": [
"refsource" : "CONFIRM", {
"url" : "https://plone.org/products/plone-hotfix/releases/20121106" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://plone.org/products/plone/security/advisories/20121106/15", ]
"refsource" : "CONFIRM", }
"url" : "https://plone.org/products/plone/security/advisories/20121106/15" ]
}, },
{ "references": {
"name" : "RHSA-2014:1194", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1194.html" "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
} "refsource": "CONFIRM",
] "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
} },
} {
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/15",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone/security/advisories/20121106/15"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"name": "RHSA-2014:1194",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
}
]
}
}

34
2012/5xxx/CVE-2012-5555.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5555", "ID": "CVE-2012-5555",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2012/5xxx/CVE-2012-5881.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5881", "ID": "CVE-2012-5881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207."
{ }
"name" : "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://yuilibrary.com/support/20121030-vulnerability/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://yuilibrary.com/support/20121030-vulnerability/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "56385", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/56385" ]
}, },
{ "references": {
"name" : "yui-flash-component-xss(80118)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118" "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/",
} "refsource": "CONFIRM",
] "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
} },
} {
"name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/",
"refsource": "CONFIRM",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"name": "56385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"name": "yui-flash-component-xss(80118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118"
},
{
"name": "http://yuilibrary.com/support/20121030-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
]
}
}

150
2017/11xxx/CVE-2017-11311.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11311", "ID": "CVE-2017-11311",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.debian.org/867579", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.debian.org/867579" "lang": "eng",
}, "value": "soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples."
{ }
"name" : "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html", ]
"refsource" : "CONFIRM", },
"url" : "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438", "description": [
"refsource" : "CONFIRM", {
"url" : "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800", ]
"refsource" : "CONFIRM", }
"url" : "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800",
"refsource": "CONFIRM",
"url": "https://source.openmpt.org/browse/openmpt/trunk/?rev=6800"
},
{
"name": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438",
"refsource": "CONFIRM",
"url": "https://source.openmpt.org/browse/openmpt/branches/OpenMPT-1.26/?op=revision&rev=8438"
},
{
"name": "https://bugs.debian.org/867579",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/867579"
},
{
"name": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html",
"refsource": "CONFIRM",
"url": "https://lib.openmpt.org/libopenmpt/md_announce-2017-07-07.html"
}
]
}
}

34
2017/11xxx/CVE-2017-11432.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11432", "ID": "CVE-2017-11432",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/11xxx/CVE-2017-11962.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11962", "ID": "CVE-2017-11962",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/3xxx/CVE-2017-3012.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-3012", "ID": "CVE-2017-3012",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Library Loading (DLL hijacking)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" "lang": "eng",
}, "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin."
{ }
"name" : "97547", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97547" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038228", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038228" "lang": "eng",
} "value": "Insecure Library Loading (DLL hijacking)"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038228",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"name": "97547",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97547"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
}
]
}
}

138
2017/3xxx/CVE-2017-3218.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2017-3218", "ID": "CVE-2017-3218",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Magician", "product_name": "Magician",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<5.1" "version_value": "<5.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Samsung" "vendor_name": "Samsung"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295"
},
{
"lang" : "eng",
"value" : "CWE-311"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#846320", "description_data": [
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/846320" "lang": "eng",
}, "value": "Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates."
{ }
"name" : "99081", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99081" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-295"
},
{
"lang": "eng",
"value": "CWE-311"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99081"
},
{
"name": "VU#846320",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/846320"
}
]
}
}

152
2017/3xxx/CVE-2017-3322.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3322", "ID": "CVE-2017-3322",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Cluster", "product_name": "MySQL Cluster",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.2.25 and earlier" "version_value": "7.2.25 and earlier"
}, },
{ {
"version_value" : "7.3.14 and earlier" "version_value": "7.3.14 and earlier"
}, },
{ {
"version_value" : "7.4.12 and earlier" "version_value": "7.4.12 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)."
{ }
"name" : "95574", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95574" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037640", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037640" "lang": "eng",
} "value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "95574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95574"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

122
2017/3xxx/CVE-2017-3892.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@blackberry.com", "ASSIGNER": "secure@blackberry.com",
"DATE_PUBLIC" : "2017-11-14T00:00:00", "DATE_PUBLIC": "2017-11-14T00:00:00",
"ID" : "CVE-2017-3892", "ID": "CVE-2017-3892",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "QNX Software Development Platform (QNX SDP)", "product_name": "QNX Software Development Platform (QNX SDP)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.6.0" "version_value": "6.6.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "BlackBerry" "vendor_name": "BlackBerry"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674" "lang": "eng",
} "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
}
]
}
}

190
2017/7xxx/CVE-2017-7277.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7277", "ID": "CVE-2017-7277",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://lkml.org/lkml/2017/3/15/485", "description_data": [
"refsource" : "MISC", {
"url" : "https://lkml.org/lkml/2017/3/15/485" "lang": "eng",
}, "value": "The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c."
{ }
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc" "name": "https://patchwork.ozlabs.org/patch/740636/",
}, "refsource": "CONFIRM",
{ "url": "https://patchwork.ozlabs.org/patch/740636/"
"name" : "https://patchwork.ozlabs.org/patch/740636/", },
"refsource" : "CONFIRM", {
"url" : "https://patchwork.ozlabs.org/patch/740636/" "name": "https://lkml.org/lkml/2017/3/15/485",
}, "refsource": "MISC",
{ "url": "https://lkml.org/lkml/2017/3/15/485"
"name" : "https://patchwork.ozlabs.org/patch/740639/", },
"refsource" : "CONFIRM", {
"url" : "https://patchwork.ozlabs.org/patch/740639/" "name": "https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc"
"name" : "97141", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97141" "name": "https://patchwork.ozlabs.org/patch/740639/",
} "refsource": "CONFIRM",
] "url": "https://patchwork.ozlabs.org/patch/740639/"
} },
} {
"name": "97141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97141"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a"
},
{
"name": "https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc"
}
]
}
}

122
2017/8xxx/CVE-2017-8197.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-8197", "ID": "CVE-2017-8197",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FusionSphere", "product_name": "FusionSphere",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "V100R006C00SPC102(NFV)" "version_value": "V100R006C00SPC102(NFV)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en" "lang": "eng",
} "value": "FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en"
}
]
}
}

130
2017/8xxx/CVE-2017-8383.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8383", "ID": "CVE-2017-8383",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://craftcms.com/changelog#2-6-2976", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://craftcms.com/changelog#2-6-2976" "lang": "eng",
}, "value": "Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder."
{ }
"name" : "https://twitter.com/CraftCMS/status/857743080224473088", ]
"refsource" : "CONFIRM", },
"url" : "https://twitter.com/CraftCMS/status/857743080224473088" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://craftcms.com/changelog#2-6-2976",
"refsource": "CONFIRM",
"url": "https://craftcms.com/changelog#2-6-2976"
},
{
"name": "https://twitter.com/CraftCMS/status/857743080224473088",
"refsource": "CONFIRM",
"url": "https://twitter.com/CraftCMS/status/857743080224473088"
}
]
}
}

34
2017/8xxx/CVE-2017-8526.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8526", "ID": "CVE-2017-8526",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

142
2017/8xxx/CVE-2017-8724.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-09-12T00:00:00", "DATE_PUBLIC": "2017-09-12T00:00:00",
"ID" : "CVE-2017-8724", "ID": "CVE-2017-8724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 10 Version 1703" "version_value": "Microsoft Windows 10 Version 1703"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka \"Microsoft Edge Spoofing Vulnerability\". This CVE ID is unique from CVE-2017-8735."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Spoofing"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724" "lang": "eng",
}, "value": "Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka \"Microsoft Edge Spoofing Vulnerability\". This CVE ID is unique from CVE-2017-8735."
{ }
"name" : "100777", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100777" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039326", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039326" "lang": "eng",
} "value": "Spoofing"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039326",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039326"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8724"
},
{
"name": "100777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100777"
}
]
}
}

34
2017/8xxx/CVE-2017-8999.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8999", "ID": "CVE-2017-8999",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2018/10xxx/CVE-2018-10536.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10536", "ID": "CVE-2018-10536",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15" "lang": "eng",
}, "value": "An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks."
{ }
"name" : "https://github.com/dbry/WavPack/issues/30", ]
"refsource" : "MISC", },
"url" : "https://github.com/dbry/WavPack/issues/30" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/dbry/WavPack/issues/31", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/dbry/WavPack/issues/31" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/dbry/WavPack/issues/32", ]
"refsource" : "MISC", }
"url" : "https://github.com/dbry/WavPack/issues/32" ]
}, },
{ "references": {
"name" : "DSA-4197", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4197" "name": "https://github.com/dbry/WavPack/issues/32",
}, "refsource": "MISC",
{ "url": "https://github.com/dbry/WavPack/issues/32"
"name" : "USN-3637-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3637-1/" "name": "DSA-4197",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4197"
} },
} {
"name": "https://github.com/dbry/WavPack/issues/31",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/31"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/issues/30",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/30"
},
{
"name": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15"
}
]
}
}

132
2018/10xxx/CVE-2018-10590.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-05-15T00:00:00", "DATE_PUBLIC": "2018-05-15T00:00:00",
"ID" : "CVE-2018-10590", "ID": "CVE-2018-10590",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebAccess", "product_name": "WebAccess",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Advantech" "vendor_name": "Advantech"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "INFORMATION EXPOSURE THROUGH DIRECTORY LISTING CWE-548"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "lang": "eng",
}, "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, an information exposure vulnerability through directory listing has been identified, which may allow an attacker to find important files that are not normally visible."
{ }
"name" : "104190", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104190" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "INFORMATION EXPOSURE THROUGH DIRECTORY LISTING CWE-548"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104190"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
}
]
}
}

142
2018/10xxx/CVE-2018-10619.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-06-07T00:00:00", "DATE_PUBLIC": "2018-06-07T00:00:00",
"ID" : "CVE-2018-10619", "ID": "CVE-2018-10619",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway", "product_name": "Rockwell Automation RSLinx Classic and FactoryTalk Linx Gateway",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "RSLinx Classic Versions 3.90.01 and prior, FactoryTalk Linx Gateway Versions 3.90.00 and prior." "version_value": "RSLinx Classic Versions 3.90.01 and prior, FactoryTalk Linx Gateway Versions 3.90.00 and prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ICS-CERT" "vendor_name": "ICS-CERT"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "UNQUOTED SEARCH PATH OR ELEMENT CWE-428"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44892", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44892/" "lang": "eng",
}, "value": "An unquoted search path or element in RSLinx Classic Versions 3.90.01 and prior and FactoryTalk Linx Gateway Versions 3.90.00 and prior may allow an authorized, but non-privileged local user to execute arbitrary code and allow a threat actor to escalate user privileges on the affected workstation."
{ }
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01", ]
"refsource" : "MISC", },
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "104415", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104415" "lang": "eng",
} "value": "UNQUOTED SEARCH PATH OR ELEMENT CWE-428"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "44892",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44892/"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-158-01"
},
{
"name": "104415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104415"
}
]
}
}

34
2018/10xxx/CVE-2018-10715.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10715", "ID": "CVE-2018-10715",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/12xxx/CVE-2018-12563.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12563", "ID": "CVE-2018-12563",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214" "lang": "eng",
} "value": "An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214",
"refsource": "CONFIRM",
"url": "https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214"
}
]
}
}

120
2018/13xxx/CVE-2018-13000.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13000", "ID": "CVE-2018-13000",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.vulnerability-lab.com/get_content.php?id=2123", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.vulnerability-lab.com/get_content.php?id=2123" "lang": "eng",
} "value": "An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private message module allows inserting links without sanitizing the content. This allows remote attackers to inject malicious script code payloads as a private message (aka pmbody). The injection point is the editor ftp link element and the execution point occurs in the message body context on arrival. The request method to inject is POST with restricted user privileges."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=2123",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=2123"
}
]
}
}

120
2018/13xxx/CVE-2018-13022.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13022", "ID": "CVE-2018-13022",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.securityevaluators.com/hack-routers-get-toys-exploiting-the-mi-router-3-1d7fd42f0838", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.securityevaluators.com/hack-routers-get-toys-exploiting-the-mi-router-3-1d7fd42f0838" "lang": "eng",
} "value": "Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/hack-routers-get-toys-exploiting-the-mi-router-3-1d7fd42f0838",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/hack-routers-get-toys-exploiting-the-mi-router-3-1d7fd42f0838"
}
]
}
}

34
2018/13xxx/CVE-2018-13461.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13461", "ID": "CVE-2018-13461",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/13xxx/CVE-2018-13652.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13652", "ID": "CVE-2018-13652",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for TheGoDigital, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheGoDigital", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheGoDigital" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheGoDigital",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TheGoDigital"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

130
2018/13xxx/CVE-2018-13723.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13723", "ID": "CVE-2018-13723",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for SERVVIZIOToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for SERVVIZIOToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SERVVIZIOToken", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SERVVIZIOToken" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SERVVIZIOToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SERVVIZIOToken"
}
]
}
}

140
2018/13xxx/CVE-2018-13859.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13859", "ID": "CVE-2018-13859",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the \"/xml/system/setAttribute.xml\" URL, using the GET request \"?id=0&attr=protectAccess&newValue=0\" (a successful attack will allow attackers to login without authorization)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45088", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45088/" "lang": "eng",
}, "value": "MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the \"/xml/system/setAttribute.xml\" URL, using the GET request \"?id=0&attr=protectAccess&newValue=0\" (a successful attack will allow attackers to login without authorization)."
{ }
"name" : "https://vulncode.com/advisory/CVE-2018-13859", ]
"refsource" : "MISC", },
"url" : "https://vulncode.com/advisory/CVE-2018-13859" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://update.trivum.com/update/v9-changes.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://update.trivum.com/update/v9-changes.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://update.trivum.com/update/v9-changes.html",
"refsource": "CONFIRM",
"url": "http://update.trivum.com/update/v9-changes.html"
},
{
"name": "https://vulncode.com/advisory/CVE-2018-13859",
"refsource": "MISC",
"url": "https://vulncode.com/advisory/CVE-2018-13859"
},
{
"name": "45088",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45088/"
}
]
}
}

34
2018/17xxx/CVE-2018-17280.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-17280", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-17280",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

120
2018/17xxx/CVE-2018-17416.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17416", "ID": "CVE-2018-17416",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20%20addclass.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20%20addclass.md" "lang": "eng",
} "value": "A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20%20addclass.md",
"refsource": "MISC",
"url": "https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20%20addclass.md"
}
]
}
}

34
2018/17xxx/CVE-2018-17527.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17527", "ID": "CVE-2018-17527",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2018/17xxx/CVE-2018-17913.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-10-17T00:00:00", "DATE_PUBLIC": "2018-10-17T00:00:00",
"ID" : "CVE-2018-17913", "ID": "CVE-2018-17913",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "CX-Supervisor", "product_name": "CX-Supervisor",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions 3.4.1.0 and prior." "version_value": "Versions 3.4.1.0 and prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Omron" "vendor_name": "Omron"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "INCORRECT TYPE VERSION OR CAST CWE-704"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01" "lang": "eng",
}, "value": "A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application."
{ }
"name" : "105691", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105691" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "INCORRECT TYPE VERSION OR CAST CWE-704"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01"
},
{
"name": "105691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105691"
}
]
}
}

34
2018/9xxx/CVE-2018-9661.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9661", "ID": "CVE-2018-9661",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }