admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:34:10 +00:00
parent 082f65d1d6
commit f4a6f78c3c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3345 additions and 3345 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2003/0xxx/CVE-2003-0059.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0059", "ID": "CVE-2003-0059",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt" "lang": "eng",
}, "value": "Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys."
{ }
"name" : "CLSA-2003:639", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2003:043", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2003:051", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html" ]
}, },
{ "references": {
"name" : "RHSA-2003:052", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html" "name": "RHSA-2003:052",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
"name" : "RHSA-2003:168", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-168.html" "name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt",
}, "refsource": "CONFIRM",
{ "url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt"
"name" : "VU#684563", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/684563" "name": "CLSA-2003:639",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639"
"name" : "6714", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6714" "name": "RHSA-2003:051",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
"name" : "kerberos-kdc-user-spoofing(11188)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11188" "name": "MDKSA-2003:043",
} "refsource": "MANDRAKE",
] "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043"
} },
} {
"name": "6714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6714"
},
{
"name": "kerberos-kdc-user-spoofing(11188)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11188"
},
{
"name": "VU#684563",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/684563"
},
{
"name": "RHSA-2003:168",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-168.html"
}
]
}
}

120
2003/0xxx/CVE-2003-0310.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0310", "ID": "CVE-2003-0310",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030516 EzPublish Directory XSS Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105310013606680&w=2" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030516 EzPublish Directory XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105310013606680&w=2"
}
]
}
}

130
2003/1xxx/CVE-2003-1225.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1225", "ID": "CVE-2003-1225",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "BEA03-30.00", "description_data": [
"refsource" : "BEA", {
"url" : "http://dev2dev.bea.com/pub/advisory/22" "lang": "eng",
}, "value": "The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords."
{ }
"name" : "7563", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/7563" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7563"
},
{
"name": "BEA03-30.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/22"
}
]
}
}

150
2003/1xxx/CVE-2003-1367.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1367", "ID": "CVE-2003-1367",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to \"open\" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a \"which\" command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030204 Majordomo info leakage, all versions", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/310113" "lang": "eng",
}, "value": "The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to \"open\" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a \"which\" command."
{ }
"name" : "6761", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6761" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3235", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3235" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "majordomo-whichaccess-email-disclosure(11243)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11243" ]
} },
] "references": {
} "reference_data": [
} {
"name": "3235",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3235"
},
{
"name": "20030204 Majordomo info leakage, all versions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/310113"
},
{
"name": "6761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6761"
},
{
"name": "majordomo-whichaccess-email-disclosure(11243)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11243"
}
]
}
}

260
2004/0xxx/CVE-2004-0189.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0189", "ID": "CVE-2004-0189",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt" "lang": "eng",
}, "value": "The \"%xx\" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL (\"%00\") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists."
{ }
"name" : "CLA-2004:838", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-474", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-474" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200403-11", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-200403-11.xml" ]
}, },
{ "references": {
"name" : "MDKSA-2004:025", "reference_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025" "name": "SCOSA-2005.16",
}, "refsource": "SCO",
{ "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt"
"name" : "RHSA-2004:133", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-133.html" "name": "20040404-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc"
"name" : "RHSA-2004:134", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-134.html" "name": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.squid-cache.org/Advisories/SQUID-2004_1.txt"
"name" : "SCOSA-2005.16", },
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt" "name": "squid-urlregex-acl-bypass(15366)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366"
"name" : "20040404-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc" "name": "DSA-474",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-474"
"name" : "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108084935904110&w=2" "name": "oval:org.mitre.oval:def:877",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877"
"name" : "9778", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9778" "name": "9778",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/9778"
"name" : "squid-urlregex-acl-bypass(15366)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15366" "name": "MDKSA-2004:025",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025"
"name" : "5916", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5916" "name": "oval:org.mitre.oval:def:941",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941"
"name" : "oval:org.mitre.oval:def:877", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877" "name": "RHSA-2004:133",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-133.html"
"name" : "oval:org.mitre.oval:def:941", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941" "name": "RHSA-2004:134",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2004-134.html"
} },
} {
"name": "20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108084935904110&w=2"
},
{
"name": "GLSA-200403-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-11.xml"
},
{
"name": "CLA-2004:838",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838"
},
{
"name": "5916",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5916"
}
]
}
}

140
2004/0xxx/CVE-2004-0343.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0343", "ID": "CVE-2004-0343",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040301 YabbSE (3 on 1)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107816202813083&w=2" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php."
{ }
"name" : "yabb-multiple-sql-injection(15354)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15354" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9774", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9774" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20040301 YabbSE (3 on 1)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107816202813083&w=2"
},
{
"name": "9774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9774"
},
{
"name": "yabb-multiple-sql-injection(15354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15354"
}
]
}
}

280
2004/0xxx/CVE-2004-0411.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0411", "ID": "CVE-2004-0411",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter \"-\" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/363225" "lang": "eng",
}, "value": "The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter \"-\" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code."
{ }
"name" : "20040517 KDE Security Advisory: URI Handler Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=108481412427344&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kde.org/info/security/advisory-20040517-1.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kde.org/info/security/advisory-20040517-1.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CLA-2004:843", ]
"refsource" : "CONECTIVA", }
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843" ]
}, },
{ "references": {
"name" : "DSA-518", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-518" "name": "RHSA-2004:222",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-222.html"
"name" : "FEDORA-2004-121", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/advisories/6717" "name": "SuSE-SA:2003:014",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html"
"name" : "FEDORA-2004-122", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/advisories/6743" "name": "http://www.kde.org/info/security/advisory-20040517-1.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.kde.org/info/security/advisory-20040517-1.txt"
"name" : "GLSA-200405-11", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200405-11.xml" "name": "kde-url-handler-gain-access(16163)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16163"
"name" : "RHSA-2004:222", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-222.html" "name": "FEDORA-2004-121",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/advisories/6717"
"name" : "SuSE-SA:2003:014", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2004_14_kdelibs.html" "name": "20040513 Opera Telnet URI Handler Vulnerability also applies to other browsers",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/363225"
"name" : "SSA:2004-238", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635" "name": "DSA-518",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-518"
"name" : "O-146", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/o-146.shtml" "name": "FEDORA-2004-122",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/advisories/6743"
"name" : "10358", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10358" "name": "6107",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/6107"
"name" : "6107", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/6107" "name": "20040517 KDE Security Advisory: URI Handler Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=108481412427344&w=2"
"name" : "oval:org.mitre.oval:def:954", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954" "name": "11602",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11602"
"name" : "11602", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11602" "name": "CLA-2004:843",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000843"
"name" : "kde-url-handler-gain-access(16163)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16163" "name": "SSA:2004-238",
} "refsource": "SLACKWARE",
] "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.362635"
} },
} {
"name": "GLSA-200405-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-11.xml"
},
{
"name": "oval:org.mitre.oval:def:954",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A954"
},
{
"name": "10358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10358"
},
{
"name": "O-146",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-146.shtml"
}
]
}
}

34
2004/0xxx/CVE-2004-0868.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2004-0868", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2004-0868",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should reference CVE-2004-0866 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should reference CVE-2004-0866 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

34
2004/1xxx/CVE-2004-1178.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1178", "ID": "CVE-2004-1178",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2004/1xxx/CVE-2004-1745.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1745", "ID": "CVE-2004-1745",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040824 Limited buffer overflow in Painkiller 1.31", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109339761608821&w=2" "lang": "eng",
}, "value": "Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password."
{ }
"name" : "11029", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11029" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12367", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12367" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "painkiller-long-password-bo(17101)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17101" ]
} },
] "references": {
} "reference_data": [
} {
"name": "12367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12367"
},
{
"name": "20040824 Limited buffer overflow in Painkiller 1.31",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109339761608821&w=2"
},
{
"name": "painkiller-long-password-bo(17101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17101"
},
{
"name": "11029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11029"
}
]
}
}

130
2004/2xxx/CVE-2004-2709.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2709", "ID": "CVE-2004-2709",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php" "lang": "eng",
}, "value": "Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags."
{ }
"name" : "8969", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/8969" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8969",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8969"
},
{
"name": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.phrozensmoke.com/projects/pyvoicechat/changelog.php"
}
]
}
}

170
2004/2xxx/CVE-2004-2730.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2730", "ID": "CVE-2004-2730",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304", "description_data": [
"refsource" : "MISC", {
"url" : "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304" "lang": "eng",
}, "value": "Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping."
{ }
"name" : "10759", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10759" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8140", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/8140" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1010737", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1010737" ]
}, },
{ "references": {
"name" : "12108", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12108" "name": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304",
}, "refsource": "MISC",
{ "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=28304"
"name" : "pstools-gain-admin-access(16743)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16743" "name": "10759",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/10759"
} },
} {
"name": "12108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12108"
},
{
"name": "1010737",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010737"
},
{
"name": "8140",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8140"
},
{
"name": "pstools-gain-admin-access(16743)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16743"
}
]
}
}

200
2008/2xxx/CVE-2008-2254.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-2254", "ID": "CVE-2008-2254",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka \"HTML Object Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST02360", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka \"HTML Object Memory Corruption Vulnerability.\""
{ }
"name" : "SSRT080117", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS08-045", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA08-225A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" ]
}, },
{ "references": {
"name" : "30614", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30614" "name": "30614",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30614"
"name" : "oval:org.mitre.oval:def:5820", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5820" "name": "oval:org.mitre.oval:def:5820",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5820"
"name" : "ADV-2008-2349", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2349" "name": "ADV-2008-2349",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2349"
"name" : "1020674", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020674" "name": "TA08-225A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
"name" : "31375", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31375" "name": "1020674",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1020674"
} },
} {
"name": "HPSBST02360",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "SSRT080117",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "MS08-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045"
},
{
"name": "31375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31375"
}
]
}
}

180
2008/2xxx/CVE-2008-2310.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2310", "ID": "CVE-2008-2310",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT2163", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT2163" "lang": "eng",
}, "value": "Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code."
{ }
"name" : "APPLE-SA-2008-06-30", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30018", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30018" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-1981", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/1981/references" ]
}, },
{ "references": {
"name" : "1020392", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020392" "name": "http://support.apple.com/kb/HT2163",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT2163"
"name" : "30802", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30802" "name": "ADV-2008-1981",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1981/references"
"name" : "macos-c++filt-format-string(43494)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43494" "name": "macos-c++filt-format-string(43494)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43494"
} },
} {
"name": "APPLE-SA-2008-06-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html"
},
{
"name": "30802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30802"
},
{
"name": "1020392",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020392"
},
{
"name": "30018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30018"
}
]
}
}

34
2008/2xxx/CVE-2008-2659.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2659", "ID": "CVE-2008-2659",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2008/2xxx/CVE-2008-2697.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2697", "ID": "CVE-2008-2697",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5759", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5759" "lang": "eng",
}, "value": "SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php."
{ }
"name" : "29593", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29593" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30566", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30566" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "rapidrecipe-recipeid-sql-injection(42924)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42924" ]
} },
] "references": {
} "reference_data": [
} {
"name": "rapidrecipe-recipeid-sql-injection(42924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42924"
},
{
"name": "30566",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30566"
},
{
"name": "29593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29593"
},
{
"name": "5759",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5759"
}
]
}
}

170
2008/6xxx/CVE-2008-6253.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6253", "ID": "CVE-2008-6253",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081118 [DSECRG-08-039] Local File Include Vulnerability in Pluck CMS 4.5.3", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/498438" "lang": "eng",
}, "value": "Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter."
{ }
"name" : "7153", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/7153" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.pluck-cms.org/index.php?file=kop11.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.pluck-cms.org/index.php?file=kop11.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32342", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/32342" ]
}, },
{ "references": {
"name" : "32736", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32736" "name": "20081118 [DSECRG-08-039] Local File Include Vulnerability in Pluck CMS 4.5.3",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/498438"
"name" : "pluck-pcltarlib-file-include(46676)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46676" "name": "7153",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/7153"
} },
} {
"name": "32342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32342"
},
{
"name": "32736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32736"
},
{
"name": "http://www.pluck-cms.org/index.php?file=kop11.php",
"refsource": "CONFIRM",
"url": "http://www.pluck-cms.org/index.php?file=kop11.php"
},
{
"name": "pluck-pcltarlib-file-include(46676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46676"
}
]
}
}

130
2008/6xxx/CVE-2008-6272.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6272", "ID": "CVE-2008-6272",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6969", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6969" "lang": "eng",
}, "value": "SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter."
{ }
"name" : "apoll-index-sql-injection(46286)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46286" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apoll-index-sql-injection(46286)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46286"
},
{
"name": "6969",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6969"
}
]
}
}

140
2008/6xxx/CVE-2008-6780.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6780", "ID": "CVE-2008-6780",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6911", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6911" "lang": "eng",
}, "value": "SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action."
{ }
"name" : "49554", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/49554" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32558", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32558" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "6911",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6911"
},
{
"name": "32558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32558"
},
{
"name": "49554",
"refsource": "OSVDB",
"url": "http://osvdb.org/49554"
}
]
}
}

180
2008/6xxx/CVE-2008-6961.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6961", "ID": "CVE-2008-6961",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-59.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-59.html" "lang": "eng",
}, "value": "mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=458883", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=458883" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32363", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32363" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1021247", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1021247" ]
}, },
{ "references": {
"name" : "32714", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32714" "name": "32363",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/32363"
"name" : "32715", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32715" "name": "mozilla-domproperties-info-disclosure(46734)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46734"
"name" : "mozilla-domproperties-info-disclosure(46734)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46734" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=458883",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=458883"
} },
} {
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-59.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-59.html"
},
{
"name": "32715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32715"
},
{
"name": "1021247",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021247"
},
{
"name": "32714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32714"
}
]
}
}

170
2012/1xxx/CVE-2012-1011.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1011", "ID": "CVE-2012-1011",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120122 AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html" "lang": "eng",
}, "value": "actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory."
{ }
"name" : "18407", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/18407" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51615", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/51615" ]
}, },
{ "references": {
"name" : "47659", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47659" "name": "18407",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/18407"
"name" : "allwebmenus-actions-file-upload(72640)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640" "name": "51615",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/51615"
} },
} {
"name": "allwebmenus-actions-file-upload(72640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72640"
},
{
"name": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/"
},
{
"name": "20120122 AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0137.html"
},
{
"name": "47659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47659"
}
]
}
}

340
2012/1xxx/CVE-2012-1133.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1133", "ID": "CVE-2012-1133",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/03/06/16" "lang": "eng",
}, "value": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font."
{ }
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=800591", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=800591" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT5503", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "name": "48797",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48797"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "48300",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48300"
"name" : "DSA-2428", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2428" "name": "48508",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48508"
"name" : "GLSA-201204-04", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201204-04.xml" "name": "48822",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48822"
"name" : "MDVSA-2012:057", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057" "name": "MDVSA-2012:057",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057"
"name" : "SUSE-SU-2012:0483", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html" "name": "APPLE-SA-2012-09-19-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
"name" : "SUSE-SU-2012:0521", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html" "name": "http://support.apple.com/kb/HT5503",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5503"
"name" : "SUSE-SU-2012:0484", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html" "name": "52318",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52318"
"name" : "openSUSE-SU-2012:0489", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html" "name": "USN-1403-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1403-1"
"name" : "USN-1403-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1403-1" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512"
"name" : "52318", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52318" "name": "48918",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48918"
"name" : "1026765", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026765" "name": "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/03/06/16"
"name" : "48918", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48918" "name": "SUSE-SU-2012:0484",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html"
"name" : "48951", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48951" "name": "SUSE-SU-2012:0521",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html"
"name" : "48822", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48822" "name": "48973",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48973"
"name" : "48973", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48973" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html"
"name" : "48797", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48797" "name": "SUSE-SU-2012:0483",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html"
"name" : "48508", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48508" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=800591",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800591"
"name" : "48300", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48300" "name": "1026765",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1026765"
} },
} {
"name": "openSUSE-SU-2012:0489",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
},
{
"name": "GLSA-201204-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201204-04.xml"
},
{
"name": "DSA-2428",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2428"
}
]
}
}

130
2012/5xxx/CVE-2012-5092.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-5092", "ID": "CVE-2012-5092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

150
2012/5xxx/CVE-2012-5341.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5341", "ID": "CVE-2012-5341",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/108340/statit4-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/108340/statit4-xss.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action."
{ }
"name" : "http://st2tea.blogspot.com/2012/01/otterware-statit4-cross-site-scripting.html", ]
"refsource" : "MISC", },
"url" : "http://st2tea.blogspot.com/2012/01/otterware-statit4-cross-site-scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "51280", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51280" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "statit-statistik-xss(72139)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72139" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://st2tea.blogspot.com/2012/01/otterware-statit4-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://st2tea.blogspot.com/2012/01/otterware-statit4-cross-site-scripting.html"
},
{
"name": "51280",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51280"
},
{
"name": "statit-statistik-xss(72139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72139"
},
{
"name": "http://packetstormsecurity.org/files/108340/statit4-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/108340/statit4-xss.txt"
}
]
}
}

34
2012/5xxx/CVE-2012-5399.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5399", "ID": "CVE-2012-5399",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2012/5xxx/CVE-2012-5472.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-5472", "ID": "CVE-2012-5472",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121119 Moodle security notifications public", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2012/11/19/1" "lang": "eng",
}, "value": "lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field."
{ }
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32785", ]
"refsource" : "CONFIRM", },
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32785" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://moodle.org/mod/forum/discuss.php?d=216156", "description": [
"refsource" : "CONFIRM", {
"url" : "https://moodle.org/mod/forum/discuss.php?d=216156" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "56505", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/56505" ]
} },
] "references": {
} "reference_data": [
} {
"name": "56505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56505"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32785",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32785"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=216156",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=216156"
},
{
"name": "[oss-security] 20121119 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/19/1"
}
]
}
}

130
2012/5xxx/CVE-2012-5549.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-5549", "ID": "CVE-2012-5549",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
{ }
"name" : "http://drupal.org/node/1822066", ]
"refsource" : "MISC", },
"url" : "http://drupal.org/node/1822066" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1822066",
"refsource": "MISC",
"url": "http://drupal.org/node/1822066"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
}
]
}
}

130
2017/11xxx/CVE-2017-11115.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11115", "ID": "CVE-2017-11115",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ExifJpegHUFFTable::deriveTable function in ExifHuffmanTable.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted jpg file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Jul/77", "description_data": [
"refsource" : "MISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Jul/77" "lang": "eng",
}, "value": "The ExifJpegHUFFTable::deriveTable function in ExifHuffmanTable.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted jpg file."
{ }
"name" : "https://sourceforge.net/p/openexif/bugs/18/", ]
"refsource" : "MISC", },
"url" : "https://sourceforge.net/p/openexif/bugs/18/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/openexif/bugs/18/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/openexif/bugs/18/"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/77",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/77"
}
]
}
}

34
2017/11xxx/CVE-2017-11486.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-11486", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-11486",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

138
2017/11xxx/CVE-2017-11509.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnreport@tenable.com", "ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC" : "2017-11-21T00:00:00", "DATE_PUBLIC": "2017-11-21T00:00:00",
"ID" : "CVE-2017-11509", "ID": "CVE-2017-11509",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firebird SQL Server", "product_name": "Firebird SQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.5.7" "version_value": "2.5.7"
}, },
{ {
"version_value" : "3.0.2" "version_value": "3.0.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Firebird Foundation" "vendor_name": "Firebird Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authenticated Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html" "lang": "eng",
}, "value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement."
{ }
"name" : "https://www.tenable.com/security/research/tra-2017-36", ]
"refsource" : "MISC", },
"url" : "https://www.tenable.com/security/research/tra-2017-36" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Authenticated Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-36",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-36"
}
]
}
}

140
2017/11xxx/CVE-2017-11638.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11638", "ID": "CVE-2017-11638",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html" "lang": "eng",
}, "value": "GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImage() function in coders/map.c when processing a non-colormapped image, a different vulnerability than CVE-2017-11642."
{ }
"name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9", ]
"refsource" : "CONFIRM", },
"url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4321", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4321" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180803 [SECURITY] [DLA 1456-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9",
"refsource": "CONFIRM",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9"
}
]
}
}

242
2017/3xxx/CVE-2017-3238.json
View File

@ -1,123 +1,123 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3238", "ID": "CVE-2017-3238",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.5.53 and earlier" "version_value": "5.5.53 and earlier"
}, },
{ {
"version_value" : "5.6.34 and earlier" "version_value": "5.6.34 and earlier"
}, },
{ {
"version_value" : "5.7.16 and earlier" "version_value": "5.7.16 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."
{ }
"name" : "DSA-3767", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3767" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3770", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3770" "lang": "eng",
}, "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
{ }
"name" : "GLSA-201702-17", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201702-17" ]
}, },
{ "references": {
"name" : "GLSA-201702-18", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201702-18" "name": "RHSA-2017:2787",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2787"
"name" : "RHSA-2017:2886", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2886" "name": "GLSA-201702-17",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201702-17"
"name" : "RHSA-2017:2787", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2787" "name": "RHSA-2018:0574",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0574"
"name" : "RHSA-2017:2192", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2192" "name": "GLSA-201702-18",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201702-18"
"name" : "RHSA-2018:0279", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0279" "name": "1037640",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1037640"
"name" : "RHSA-2018:0574", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0574" "name": "RHSA-2018:0279",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0279"
"name" : "95571", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95571" "name": "DSA-3767",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3767"
"name" : "1037640", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037640" "name": "95571",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/95571"
} },
} {
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}

34
2017/3xxx/CVE-2017-3713.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-3713", "ID": "CVE-2017-3713",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/3xxx/CVE-2017-3838.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-3838", "ID": "CVE-2017-3838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Secure Access Control System", "product_name": "Cisco Secure Access Control System",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Secure Access Control System" "version_value": "Cisco Secure Access Control System"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs" "lang": "eng",
}, "value": "A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5)."
{ }
"name" : "96234", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96234" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037835", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037835" "lang": "eng",
} "value": "Cross-Site Scripting Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1037835",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037835"
},
{
"name": "96234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96234"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs"
}
]
}
}

34
2017/3xxx/CVE-2017-3940.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-3940", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-3940",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

256
2017/7xxx/CVE-2017-7749.json
View File

@ -1,130 +1,130 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-7749", "ID": "CVE-2017-7749",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "54" "version_value": "54"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox ESR", "product_name": "Firefox ESR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.2" "version_value": "52.2"
} }
] ]
} }
}, },
{ {
"product_name" : "Thunderbird", "product_name": "Thunderbird",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.2" "version_value": "52.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free during docshell reloading"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1355039", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1355039" "lang": "eng",
}, "value": "A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/" "lang": "eng",
}, "value": "Use-after-free during docshell reloading"
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/" ]
}, },
{ "references": {
"name" : "DSA-3881", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-3881" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355039",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1355039"
"name" : "DSA-3918", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-3918" "name": "99057",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/99057"
"name" : "RHSA-2017:1440", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1440" "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
"name" : "RHSA-2017:1561", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1561" "name": "DSA-3918",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2017/dsa-3918"
"name" : "99057", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99057" "name": "1038689",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038689"
"name" : "1038689", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038689" "name": "DSA-3881",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2017/dsa-3881"
} },
} {
"name": "RHSA-2017:1440",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1440"
},
{
"name": "RHSA-2017:1561",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1561"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-17/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
}
]
}
}

140
2017/8xxx/CVE-2017-8005.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2017-8005", "ID": "CVE-2017-8005",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)", "product_name": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)" "version_value": "RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, RSA Identity Management and Governance (RSA IMG)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Multiple Stored Cross-Site Scripting Vulnerabilities"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Jul/24", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://seclists.org/fulldisclosure/2017/Jul/24" "lang": "eng",
}, "value": "The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application."
{ }
"name" : "99591", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99591" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038877", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038877" "lang": "eng",
} "value": "Multiple Stored Cross-Site Scripting Vulnerabilities"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038877"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/24",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Jul/24"
},
{
"name": "99591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99591"
}
]
}
}

140
2017/8xxx/CVE-2017-8372.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8372", "ID": "CVE-2017-8372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180518 [SECURITY] [DLA 1380-1] libmad security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00011.html" "lang": "eng",
}, "value": "The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, if NDEBUG is omitted, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted audio file."
{ }
"name" : "https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/", ]
"refsource" : "MISC", },
"url" : "https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4192", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4192" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/"
},
{
"name": "DSA-4192",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4192"
},
{
"name": "[debian-lts-announce] 20180518 [SECURITY] [DLA 1380-1] libmad security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00011.html"
}
]
}
}

150
2017/8xxx/CVE-2017-8469.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-8469", "ID": "CVE-2017-8469",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Windows", "product_name": "Microsoft Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42217", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42217/" "lang": "eng",
}, "value": "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8469", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8469" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98842", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98842" "lang": "eng",
}, "value": "Information Disclosure"
{ }
"name" : "1038659", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038659" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1038659",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038659"
},
{
"name": "42217",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42217/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8469",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8469"
},
{
"name": "98842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98842"
}
]
}
}

142
2017/8xxx/CVE-2017-8650.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00", "DATE_PUBLIC": "2017-08-08T00:00:00",
"ID" : "CVE-2017-8650", "ID": "CVE-2017-8650",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 10 1703." "version_value": "Microsoft Windows 10 1703."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka \"Microsoft Edge Security Feature Bypass Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650" "lang": "eng",
}, "value": "Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka \"Microsoft Edge Security Feature Bypass Vulnerability\"."
{ }
"name" : "100048", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100048" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039101", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039101" "lang": "eng",
} "value": "Security Feature Bypass"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "100048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100048"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8650"
},
{
"name": "1039101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039101"
}
]
}
}

150
2018/10xxx/CVE-2018-10540.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10540", "ID": "CVE-2018-10540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d" "lang": "eng",
}, "value": "An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytes_to_copy calculation and subsequent malloc call, leading to insufficient memory allocation."
{ }
"name" : "https://github.com/dbry/WavPack/issues/33", ]
"refsource" : "MISC", },
"url" : "https://github.com/dbry/WavPack/issues/33" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4197", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4197" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3637-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3637-1/" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/dbry/WavPack/issues/33",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/issues/33"
},
{
"name": "DSA-4197",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4197"
},
{
"name": "USN-3637-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3637-1/"
},
{
"name": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d",
"refsource": "MISC",
"url": "https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d"
}
]
}
}

34
2018/12xxx/CVE-2018-12270.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12270", "ID": "CVE-2018-12270",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/12xxx/CVE-2018-12849.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12849", "ID": "CVE-2018-12849",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Acrobat and Reader", "product_name": "Acrobat and Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier versions" "version_value": "2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "105358", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105358" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041702", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041702" "lang": "eng",
} "value": "Out-of-bounds read"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-34.html"
},
{
"name": "105358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105358"
},
{
"name": "1041702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041702"
}
]
}
}

140
2018/13xxx/CVE-2018-13033.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13033", "ID": "CVE-2018-13033",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23361", "description_data": [
"refsource" : "MISC", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23361" "lang": "eng",
}, "value": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c. This can occur during execution of nm."
{ }
"name" : "RHSA-2018:3032", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:3032" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "104584", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104584" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23361",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23361"
},
{
"name": "RHSA-2018:3032",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3032"
},
{
"name": "104584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104584"
}
]
}
}

34
2018/13xxx/CVE-2018-13363.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13363", "ID": "CVE-2018-13363",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/13xxx/CVE-2018-13881.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13881", "ID": "CVE-2018-13881",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/16xxx/CVE-2018-16507.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16507", "ID": "CVE-2018-16507",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/16xxx/CVE-2018-16678.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16678", "ID": "CVE-2018-16678",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/17xxx/CVE-2018-17043.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17043", "ID": "CVE-2018-17043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit" "lang": "eng",
}, "value": "An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp."
{ }
"name" : "https://github.com/tsfn/doc2txt/issues/1", ]
"refsource" : "MISC", },
"url" : "https://github.com/tsfn/doc2txt/issues/1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tsfn/doc2txt/issues/1",
"refsource": "MISC",
"url": "https://github.com/tsfn/doc2txt/issues/1"
},
{
"name": "https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit",
"refsource": "MISC",
"url": "https://github.com/grandnew/software-vulnerabilities/tree/master/doc2txt#heap-buffer-overflow-in-function-storageinit"
}
]
}
}

34
2018/17xxx/CVE-2018-17263.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-17263", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-17263",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

120
2018/17xxx/CVE-2018-17988.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17988", "ID": "CVE-2018-17988",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LayerBB 1.1.1 has SQL Injection via the search.php search_query parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45530", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45530/" "lang": "eng",
} "value": "LayerBB 1.1.1 has SQL Injection via the search.php search_query parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45530",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45530/"
}
]
}
}