admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:05:21 +00:00
parent 8764a4337b
commit f92a60ed99
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3868 additions and 3868 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

238
2004/0xxx/CVE-2004-0424.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0424", "ID": "CVE-2004-0424",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt" "lang": "eng",
}, "value": "Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option."
{ }
"name" : "20040420 Linux kernel setsockopt MCAST_MSFILTER integer overflow", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=108253171301153&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CLA-2004:852", "description": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2004:183", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2004-183.html" ]
}, },
{ "references": {
"name" : "MDKSA-2004:037", "reference_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:037" "name": "SSA:2004-119",
}, "refsource": "SLACKWARE",
{ "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.659586"
"name" : "ESA-20040428-004", },
"refsource" : "ENGARDE", {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" "name": "SuSE-SA:2004:010",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2004_10_kernel.html"
"name" : "SSA:2004-119", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.659586" "name": "oval:org.mitre.oval:def:939",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A939"
"name" : "20040504-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc" "name": "oval:org.mitre.oval:def:11214",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11214"
"name" : "SuSE-SA:2004:010", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2004_10_kernel.html" "name": "RHSA-2004:183",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-183.html"
"name" : "10179", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10179" "name": "MDKSA-2004:037",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:037"
"name" : "oval:org.mitre.oval:def:11214", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11214" "name": "linux-ipsetsockopt-integer-bo(15907)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15907"
"name" : "linux-ipsetsockopt-integer-bo(15907)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15907" "name": "20040504-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc"
"name" : "oval:org.mitre.oval:def:939", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A939" "name": "10179",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/10179"
} },
{
"name": "ESA-20040428-004",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html"
},
{
"name": "http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt",
"refsource": "MISC",
"url": "http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt"
},
{
"name": "CLA-2004:852",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852"
},
{
"name": "20040420 Linux kernel setsockopt MCAST_MSFILTER integer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108253171301153&w=2"
}
]
}
} }

298
2004/0xxx/CVE-2004-0488.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0488", "ID": "CVE-2004-0488",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040517 mod_ssl ssl_util_uuencode_binary potential problem", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021610.html" "lang": "eng",
}, "value": "Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN."
{ }
"name" : "DSA-532", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2004/dsa-532" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FLSA:1888", "description": [
"refsource" : "FEDORA", {
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1888" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT4777", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=109181600614477&w=2" ]
}, },
{ "references": {
"name" : "SSRT4788", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=109215056218824&w=2" "name": "2004-0031",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.net/errata/2004/0031/"
"name" : "MDKSA-2004:054", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:054" "name": "oval:org.mitre.oval:def:11458",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11458"
"name" : "MDKSA-2004:055", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:055" "name": "MDKSA-2004:054",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:054"
"name" : "RHSA-2005:816", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-816.html" "name": "RHSA-2004:342",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-342.html"
"name" : "2004-0031", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.net/errata/2004/0031/" "name": "RHSA-2004:245",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2004-245.html"
"name" : "20040527 [OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache)", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108567431823750&w=2" "name": "GLSA-200406-05",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200406-05.xml"
"name" : "20040601 TSSA-2004-008 - apache", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108619129727620&w=2" "name": "20040527 [OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache)",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=108567431823750&w=2"
"name" : "GLSA-200406-05", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200406-05.xml" "name": "RHSA-2004:405",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-405.html"
"name" : "RHSA-2004:245", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2004-245.html" "name": "SSRT4788",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=109215056218824&w=2"
"name" : "RHSA-2004:342", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-342.html" "name": "20040605-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
"name" : "RHSA-2004:405", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-405.html" "name": "RHSA-2005:816",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-816.html"
"name" : "20040605-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc" "name": "SSRT4777",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=109181600614477&w=2"
"name" : "10355", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10355" "name": "20040517 mod_ssl ssl_util_uuencode_binary potential problem",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021610.html"
"name" : "oval:org.mitre.oval:def:11458", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11458" "name": "10355",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10355"
"name" : "apache-modssl-uuencode-bo(16214)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16214" "name": "DSA-532",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2004/dsa-532"
} },
{
"name": "FLSA:1888",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1888"
},
{
"name": "MDKSA-2004:055",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:055"
},
{
"name": "apache-modssl-uuencode-bo(16214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16214"
},
{
"name": "20040601 TSSA-2004-008 - apache",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108619129727620&w=2"
}
]
}
} }

128
2004/0xxx/CVE-2004-0496.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0496", "ID": "CVE-2004-0496",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "SUSE-SA:2004:020", "description_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2004_20_kernel.html" "lang": "eng",
}, "value": "Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool."
{ }
"name" : "linux-gain-privileges(16625)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16625" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linux-gain-privileges(16625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16625"
},
{
"name": "SUSE-SA:2004:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_20_kernel.html"
}
]
}
} }

138
2004/0xxx/CVE-2004-0819.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0819", "ID": "CVE-2004-0819",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040825 Vulnerability: OpenBSD 3.5 Kernel Panic.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109345131508824&w=2" "lang": "eng",
}, "value": "The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet."
{ }
"name" : "20040826 028: RELIABILITY FIX: August 26, 2004", ]
"refsource" : "OPENBSD", },
"url" : "http://openbsd.org/errata34.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openbsd-icmp-echo-dos(17129)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17129" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "openbsd-icmp-echo-dos(17129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17129"
},
{
"name": "20040826 028: RELIABILITY FIX: August 26, 2004",
"refsource": "OPENBSD",
"url": "http://openbsd.org/errata34.html"
},
{
"name": "20040825 Vulnerability: OpenBSD 3.5 Kernel Panic.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109345131508824&w=2"
}
]
}
} }

128
2004/1xxx/CVE-2004-1117.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1117", "ID": "CVE-2004-1117",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "GLSA-200411-26", "description_data": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-26.xml" "lang": "eng",
}, "value": "The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs."
{ }
"name" : "seti@home-gain-privileges(18149)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18149" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200411-26",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-26.xml"
},
{
"name": "seti@home-gain-privileges(18149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18149"
}
]
}
} }

148
2004/1xxx/CVE-2004-1196.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1196", "ID": "CVE-2004-1196",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041124 XSS in Brazilian Insite products", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110140029419018&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter."
{ }
"name" : "13188", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/13188/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11758", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11758" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "insite-inmail-inshop-xss(18268)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18268" ]
} },
] "references": {
} "reference_data": [
{
"name": "insite-inmail-inshop-xss(18268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18268"
},
{
"name": "20041124 XSS in Brazilian Insite products",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110140029419018&w=2"
},
{
"name": "13188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13188/"
},
{
"name": "11758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11758"
}
]
}
} }

128
2004/1xxx/CVE-2004-1295.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1295", "ID": "CVE-2004-1295",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tigger.uic.edu/~jlongs2/holes/uml-utilites.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://tigger.uic.edu/~jlongs2/holes/uml-utilites.txt" "lang": "eng",
}, "value": "The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled)."
{ }
"name" : "umlutilities-umtnet-slipdown-dos(18562)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18562" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tigger.uic.edu/~jlongs2/holes/uml-utilites.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/uml-utilites.txt"
},
{
"name": "umlutilities-umtnet-slipdown-dos(18562)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18562"
}
]
}
} }

138
2004/1xxx/CVE-2004-1625.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1625", "ID": "CVE-2004-1625",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041022 Windows DoS in certain pGina configurations", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109849689808245&w=2" "lang": "eng",
}, "value": "pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown."
{ }
"name" : "http://www.lovebug.org/pgina_dos.txt", ]
"refsource" : "MISC", },
"url" : "http://www.lovebug.org/pgina_dos.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "pgina-dos(17836)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17836" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "pgina-dos(17836)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17836"
},
{
"name": "20041022 Windows DoS in certain pGina configurations",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109849689808245&w=2"
},
{
"name": "http://www.lovebug.org/pgina_dos.txt",
"refsource": "MISC",
"url": "http://www.lovebug.org/pgina_dos.txt"
}
]
}
} }

168
2004/2xxx/CVE-2004-2211.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2211", "ID": "CVE-2004-2211",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.maxpatrol.com/advdetails.asp?id=5", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.maxpatrol.com/advdetails.asp?id=5" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp."
{ }
"name" : "http://www.maxpatrol.com/mp_advisory.asp", ]
"refsource" : "MISC", },
"url" : "http://www.maxpatrol.com/mp_advisory.asp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11427", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11427" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "10775", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/10775" ]
}, },
{ "references": {
"name" : "12844", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12844" "name": "http://www.maxpatrol.com/mp_advisory.asp",
}, "refsource": "MISC",
{ "url": "http://www.maxpatrol.com/mp_advisory.asp"
"name" : "alivesites-xss(17725)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17725" "name": "10775",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/10775"
} },
{
"name": "http://www.maxpatrol.com/advdetails.asp?id=5",
"refsource": "MISC",
"url": "http://www.maxpatrol.com/advdetails.asp?id=5"
},
{
"name": "alivesites-xss(17725)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17725"
},
{
"name": "11427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11427"
},
{
"name": "12844",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12844"
}
]
}
} }

168
2004/2xxx/CVE-2004-2274.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2274", "ID": "CVE-2004-2274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4" "lang": "eng",
}, "value": "Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI."
{ }
"name" : "9711", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9711" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4014", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4014" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1009169", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1009169" ]
}, },
{ "references": {
"name" : "10975", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10975" "name": "1009169",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1009169"
"name" : "jigsaw-url-execute-code(15298)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15298" "name": "jigsaw-url-execute-code(15298)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15298"
} },
{
"name": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4",
"refsource": "CONFIRM",
"url": "http://www.w3.org/Jigsaw/RelNotes.html#2.2.4"
},
{
"name": "9711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9711"
},
{
"name": "4014",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4014"
},
{
"name": "10975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10975"
}
]
}
} }

148
2004/2xxx/CVE-2004-2280.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2280", "ID": "CVE-2004-2280",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&q1=Java&uid=swg21173910&loc=en_US&cs=utf-8&lang=en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&q1=Java&uid=swg21173910&loc=en_US&cs=utf-8&lang=en" "lang": "eng",
}, "value": "Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN."
{ }
"name" : "10704", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10704" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8418", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/8418" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12046", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/12046" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&q1=Java&uid=swg21173910&loc=en_US&cs=utf-8&lang=en",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=475&context=SSKTWP&q1=Java&uid=swg21173910&loc=en_US&cs=utf-8&lang=en"
},
{
"name": "10704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10704"
},
{
"name": "12046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12046"
},
{
"name": "8418",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8418"
}
]
}
} }

158
2008/2xxx/CVE-2008-2135.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2135", "ID": "CVE-2008-2135",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080508 ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/491813/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php."
{ }
"name" : "5559", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5559" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29098", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29098" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3865", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3865" ]
}, },
{ "references": {
"name" : "ezcontents-showdetails-sql-injection(42260)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42260" "name": "20080508 ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/491813/100/0/threaded"
} },
{
"name": "3865",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3865"
},
{
"name": "ezcontents-showdetails-sql-injection(42260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42260"
},
{
"name": "5559",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5559"
},
{
"name": "29098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29098"
}
]
}
} }

128
2008/2xxx/CVE-2008-2173.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2173", "ID": "CVE-2008-2173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#929656", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/929656" "lang": "eng",
}, "value": "Unspecified vulnerability in Yamaha routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372."
{ }
"name" : "28999", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28999" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28999"
},
{
"name": "VU#929656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/929656"
}
]
}
} }

148
2008/2xxx/CVE-2008-2203.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2203", "ID": "CVE-2008-2203",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080503 Maian Search v1.1 Multiple Vulnerabilities (XSS/SQL INJECTION)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/491586/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action."
{ }
"name" : "29032", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29032" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3883", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3883" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "maian-search-search-sql-injection(42196)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42196" ]
} },
] "references": {
} "reference_data": [
{
"name": "29032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29032"
},
{
"name": "maian-search-search-sql-injection(42196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42196"
},
{
"name": "20080503 Maian Search v1.1 Multiple Vulnerabilities (XSS/SQL INJECTION)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491586/100/0/threaded"
},
{
"name": "3883",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3883"
}
]
}
} }

228
2008/2xxx/CVE-2008-2514.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2514", "ID": "CVE-2008-2514",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc" "lang": "eng",
}, "value": "Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors."
{ }
"name" : "IZ19905", ]
"refsource" : "AIXAPAR", },
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ19905" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IZ21494", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ21494" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IZ22346", ]
"refsource" : "AIXAPAR", }
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ22346" ]
}, },
{ "references": {
"name" : "IZ22347", "reference_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ22347" "name": "oval:org.mitre.oval:def:5629",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5629"
"name" : "IZ22348", },
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ22348" "name": "IZ21494",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ21494"
"name" : "29323", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29323" "name": "IZ22348",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22348"
"name" : "oval:org.mitre.oval:def:5629", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5629" "name": "30349",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30349"
"name" : "30349", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30349" "name": "IZ22347",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22347"
"name" : "ADV-2008-1626", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1626/references" "name": "IZ22346",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ22346"
"name" : "1020084", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020084" "name": "ADV-2008-1626",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1626/references"
"name" : "ibm-aix-setuidroot-errpt-bo(42578)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42578" "name": "1020084",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1020084"
} },
{
"name": "ibm-aix-setuidroot-errpt-bo(42578)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42578"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/errpt_advisory.asc"
},
{
"name": "IZ19905",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ19905"
},
{
"name": "29323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29323"
}
]
}
} }

158
2008/2xxx/CVE-2008-2905.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2905", "ID": "CVE-2008-2905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5808", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5808" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
{ }
"name" : "29716", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29716" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1020295", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020295" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30685", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30685" ]
}, },
{ "references": {
"name" : "mambo-output-file-include(43101)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43101" "name": "5808",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/5808"
} },
{
"name": "30685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30685"
},
{
"name": "29716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29716"
},
{
"name": "1020295",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020295"
},
{
"name": "mambo-output-file-include(43101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43101"
}
]
}
} }

148
2008/3xxx/CVE-2008-3437.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3437", "ID": "CVE-2008-3437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html" "lang": "eng",
}, "value": "OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning."
{ }
"name" : "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz", "description": [
"refsource" : "MISC", {
"url" : "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020583", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1020583" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf",
"refsource": "MISC",
"url": "http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf"
},
{
"name": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz",
"refsource": "MISC",
"url": "http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz"
},
{
"name": "1020583",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020583"
},
{
"name": "20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html"
}
]
}
} }

168
2008/3xxx/CVE-2008-3578.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3578", "ID": "CVE-2008-3578",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6201", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6201" "lang": "eng",
}, "value": "HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI."
{ }
"name" : "30523", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30523" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-2309", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2309" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31376", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31376" ]
}, },
{ "references": {
"name" : "4126", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4126" "name": "ADV-2008-2309",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2309"
"name" : "hydrairc-irc-bo(44204)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44204" "name": "6201",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/6201"
} },
{
"name": "31376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31376"
},
{
"name": "4126",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4126"
},
{
"name": "hydrairc-irc-bo(44204)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44204"
},
{
"name": "30523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30523"
}
]
}
} }

148
2008/6xxx/CVE-2008-6043.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6043", "ID": "CVE-2008-6043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080919 PHP pro bid v 6.04 SQL injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/496533/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information."
{ }
"name" : "31263", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31263" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "48484", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/48484" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31981", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31981" ]
} },
] "references": {
} "reference_data": [
{
"name": "48484",
"refsource": "OSVDB",
"url": "http://osvdb.org/48484"
},
{
"name": "31981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31981"
},
{
"name": "31263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31263"
},
{
"name": "20080919 PHP pro bid v 6.04 SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496533/100/0/threaded"
}
]
}
} }

178
2008/6xxx/CVE-2008-6670.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6670", "ID": "CVE-2008-6670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.altervista.org/adv/sunagex-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/sunagex-adv.txt" "lang": "eng",
}, "value": "Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960."
{ }
"name" : "http://aluigi.org/poc/sunagex.zip", ]
"refsource" : "MISC", },
"url" : "http://aluigi.org/poc/sunagex.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29889", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29889" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "46561", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/46561" ]
}, },
{ "references": {
"name" : "30823", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30823" "name": "ADV-2008-1903",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1903/references"
"name" : "ADV-2008-1903", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1903/references" "name": "sunage-unspecified-dos(43249)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43249"
"name" : "sunage-unspecified-dos(43249)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43249" "name": "30823",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30823"
} },
{
"name": "46561",
"refsource": "OSVDB",
"url": "http://osvdb.org/46561"
},
{
"name": "29889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29889"
},
{
"name": "http://aluigi.org/poc/sunagex.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/sunagex.zip"
},
{
"name": "http://aluigi.altervista.org/adv/sunagex-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/sunagex-adv.txt"
}
]
}
} }

178
2008/6xxx/CVE-2008-6744.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6744", "ID": "CVE-2008-6744",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cybozu.co.jp/products/dl/notice/detail/0016.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cybozu.co.jp/products/dl/notice/detail/0016.html" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
{ }
"name" : "http://cybozu.co.jp/products/dl/notice/detail/0018.html", ]
"refsource" : "CONFIRM", },
"url" : "http://cybozu.co.jp/products/dl/notice/detail/0018.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVN#18405927", "description": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN18405927/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVNDB-2008-000033", ]
"refsource" : "JVNDB", }
"url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html" ]
}, },
{ "references": {
"name" : "46575", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/46575" "name": "http://cybozu.co.jp/products/dl/notice/detail/0016.html",
}, "refsource": "CONFIRM",
{ "url": "http://cybozu.co.jp/products/dl/notice/detail/0016.html"
"name" : "30882", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30882" "name": "http://cybozu.co.jp/products/dl/notice/detail/0018.html",
}, "refsource": "CONFIRM",
{ "url": "http://cybozu.co.jp/products/dl/notice/detail/0018.html"
"name" : "garoon-unspecified-csrf(43438)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438" "name": "JVN#18405927",
} "refsource": "JVN",
] "url": "http://jvn.jp/en/jp/JVN18405927/index.html"
} },
{
"name": "JVNDB-2008-000033",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000033.html"
},
{
"name": "garoon-unspecified-csrf(43438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43438"
},
{
"name": "30882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30882"
},
{
"name": "46575",
"refsource": "OSVDB",
"url": "http://osvdb.org/46575"
}
]
}
} }

148
2008/6xxx/CVE-2008-6749.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6749", "ID": "CVE-2008-6749",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7614", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7614" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters."
{ }
"name" : "51302", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/51302" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33353", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33353" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "flexphpdirectory-index-sql-injection(47640)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47640" ]
} },
] "references": {
} "reference_data": [
{
"name": "33353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33353"
},
{
"name": "flexphpdirectory-index-sql-injection(47640)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47640"
},
{
"name": "51302",
"refsource": "OSVDB",
"url": "http://osvdb.org/51302"
},
{
"name": "7614",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7614"
}
]
}
} }

198
2008/6xxx/CVE-2008-6998.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6998", "ID": "CVE-2008-6998",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6372", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6372" "lang": "eng",
}, "value": "Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link."
{ }
"name" : "http://shinnok.evonet.ro/vulns_html/chrome.html", ]
"refsource" : "MISC", },
"url" : "http://shinnok.evonet.ro/vulns_html/chrome.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797", ]
"refsource" : "CONFIRM", }
"url" : "http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797" ]
}, },
{ "references": {
"name" : "31034", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31034" "name": "google-chrome-href-dos(44934)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44934"
"name" : "31071", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31071" "name": "http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797",
}, "refsource": "CONFIRM",
{ "url": "http://src.chromium.org/viewvc/chrome/branches/chrome_official_branch/src/chrome/common/gfx/url_elider.cc?r1=1774&r2=1797&pathrev=1797"
"name" : "48264", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/48264" "name": "google-chrome-urlelider-bo(45032)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45032"
"name" : "google-chrome-href-dos(44934)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44934" "name": "31034",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31034"
"name" : "google-chrome-urlelider-bo(45032)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45032" "name": "http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html",
} "refsource": "CONFIRM",
] "url": "http://googlechromereleases.blogspot.com/2008/09/beta-release-0214929.html"
} },
{
"name": "6372",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6372"
},
{
"name": "48264",
"refsource": "OSVDB",
"url": "http://osvdb.org/48264"
},
{
"name": "http://shinnok.evonet.ro/vulns_html/chrome.html",
"refsource": "MISC",
"url": "http://shinnok.evonet.ro/vulns_html/chrome.html"
},
{
"name": "31071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31071"
}
]
}
} }

128
2008/7xxx/CVE-2008-7312.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7312", "ID": "CVE-2008-7312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization" "lang": "eng",
}, "value": "The Filtering Service in Websense Enterprise 5.2 through 6.3 does not consider the IP address during URL categorization, which makes it easier for remote attackers to bypass filtering via an HTTP request, as demonstrated by a request to a compromised server associated with a specific IP address."
{ }
"name" : "websense-filtering-sec-bypass(78299)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78299" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "websense-filtering-sec-bypass(78299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78299"
},
{
"name": "http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization",
"refsource": "CONFIRM",
"url": "http://www.websense.com/support/article/t-kbarticle/Why-doesn-t-my-Websense-installation-categorize-URLs-and-Permit-Block-in-accordance-with-the-Site-Lookup-Tool-s-categorization"
}
]
}
} }

318
2013/2xxx/CVE-2013-2234.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2234", "ID": "CVE-2013-2234",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130702 Re: CVE Request: information leak in AF_KEY notify messages", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/07/02/7" "lang": "eng",
}, "value": "The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=980995", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=980995" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887" ]
}, },
{ "references": {
"name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2" "name": "USN-1943-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1943-1"
"name" : "DSA-2766", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2766" "name": "RHSA-2013:1166",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
"name" : "RHSA-2013:1645", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1645.html" "name": "USN-1913-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1913-1"
"name" : "RHSA-2013:1166", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1166.html" "name": "SUSE-SU-2013:1473",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
"name" : "SUSE-SU-2013:1473", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html" "name": "https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887"
"name" : "SUSE-SU-2013:1474", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html" "name": "USN-1938-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1938-1"
"name" : "openSUSE-SU-2013:1971", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" "name": "RHSA-2013:1645",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
"name" : "USN-1912-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1912-1" "name": "USN-1944-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1944-1"
"name" : "USN-1913-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1913-1" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887"
"name" : "USN-1938-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1938-1" "name": "USN-1945-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1945-1"
"name" : "USN-1941-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1941-1" "name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2",
}, "refsource": "CONFIRM",
{ "url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2"
"name" : "USN-1942-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1942-1" "name": "DSA-2766",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2766"
"name" : "USN-1943-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1943-1" "name": "openSUSE-SU-2013:1971",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
"name" : "USN-1944-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1944-1" "name": "SUSE-SU-2013:1474",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
"name" : "USN-1945-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1945-1" "name": "USN-1947-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1947-1"
"name" : "USN-1946-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1946-1" "name": "[oss-security] 20130702 Re: CVE Request: information leak in AF_KEY notify messages",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/07/02/7"
"name" : "USN-1947-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1947-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=980995",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=980995"
} },
{
"name": "USN-1941-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1941-1"
},
{
"name": "USN-1942-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1942-1"
},
{
"name": "USN-1912-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1912-1"
},
{
"name": "USN-1946-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1946-1"
}
]
}
} }

318
2013/2xxx/CVE-2013-2468.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2468", "ID": "CVE-2013-2468",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBUX02907", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" ]
}, },
{ "references": {
"name" : "HPSBUX02908", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" "name": "RHSA-2013:1060",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
"name" : "RHSA-2013:0963", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" "name": "HPSBUX02908",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2"
"name" : "RHSA-2013:1060", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" "name": "RHSA-2014:0414",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2014:0414"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "SUSE-SU-2013:1257",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
"name" : "RHSA-2013:1059", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" "name": "oval:org.mitre.oval:def:19478",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19478"
"name" : "RHSA-2014:0414", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2014:0414" "name": "HPSBUX02907",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
"name" : "SUSE-SU-2013:1305", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" "name": "SUSE-SU-2013:1256",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
"name" : "SUSE-SU-2013:1255", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" "name": "54154",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54154"
"name" : "SUSE-SU-2013:1256", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "SUSE-SU-2013:1257", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" "name": "RHSA-2013:1059",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
"name" : "TA13-169A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" "name": "oval:org.mitre.oval:def:19605",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19605"
"name" : "60637", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/60637" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
"name" : "oval:org.mitre.oval:def:17206", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17206" "name": "TA13-169A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A"
"name" : "oval:org.mitre.oval:def:19478", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19478" "name": "RHSA-2013:0963",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html"
"name" : "oval:org.mitre.oval:def:19605", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19605" "name": "SUSE-SU-2013:1255",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
"name" : "54154", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54154" "name": "RHSA-2013:1456",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
} },
{
"name": "oval:org.mitre.oval:def:17206",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17206"
},
{
"name": "60637",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60637"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
},
{
"name": "SUSE-SU-2013:1305",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
}
]
}
} }

128
2017/11xxx/CVE-2017-11141.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11141", "ID": "CVE-2017-11141",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadMATImage function in coders\\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/469", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/469" "lang": "eng",
}, "value": "The ReadMATImage function in coders\\mat.c in ImageMagick 7.0.5-6 has a memory leak vulnerability that can cause memory exhaustion via a crafted MAT file, related to incorrect ordering of a SetImageExtent call."
{ }
"name" : "99506", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99506" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99506"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/469",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/469"
}
]
}
} }

128
2017/11xxx/CVE-2017-11576.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11576", "ID": "CVE-2017-11576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/fontforge/fontforge/issues/3091", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/fontforge/fontforge/issues/3091" "lang": "eng",
}, "value": "FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file."
{ }
"name" : "DSA-3958", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3958" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3958",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3958"
},
{
"name": "https://github.com/fontforge/fontforge/issues/3091",
"refsource": "MISC",
"url": "https://github.com/fontforge/fontforge/issues/3091"
}
]
}
} }

138
2017/11xxx/CVE-2017-11724.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11724", "ID": "CVE-2017-11724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/624", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/624" "lang": "eng",
}, "value": "The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures."
{ }
"name" : "GLSA-201711-07", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201711-07" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "104597", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104597" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201711-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-07"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/624",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/624"
},
{
"name": "104597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104597"
}
]
}
} }

140
2017/11xxx/CVE-2017-11800.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00", "DATE_PUBLIC": "2017-10-10T00:00:00",
"ID" : "CVE-2017-11800", "ID": "CVE-2017-11800",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016." "version_value": "Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800" "lang": "eng",
}, "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821."
{ }
"name" : "101127", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101127" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039529", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039529" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1039529",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039529"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11800"
},
{
"name": "101127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101127"
}
]
}
} }

32
2017/14xxx/CVE-2017-14073.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14073", "ID": "CVE-2017-14073",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2017/14xxx/CVE-2017-14406.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14406", "ID": "CVE-2017-14406",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/" "lang": "eng",
} "value": "A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/"
}
]
}
} }

148
2017/14xxx/CVE-2017-14498.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14498", "ID": "CVE-2017-14498",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lists.openwall.net/full-disclosure/2017/09/14/2", "description_data": [
"refsource" : "MISC", {
"url" : "http://lists.openwall.net/full-disclosure/2017/09/14/2" "lang": "eng",
}, "value": "SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017."
{ }
"name" : "https://docs.silverstripe.org/en/3/changelogs/3.6.1", ]
"refsource" : "MISC", },
"url" : "https://docs.silverstripe.org/en/3/changelogs/3.6.1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39", ]
"refsource" : "MISC", }
"url" : "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://lists.openwall.net/full-disclosure/2017/09/14/2",
"refsource": "MISC",
"url": "http://lists.openwall.net/full-disclosure/2017/09/14/2"
},
{
"name": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-framework/commit/25b77a2ff8deabe8e8894002b9a5647eaec27b0a"
},
{
"name": "https://docs.silverstripe.org/en/3/changelogs/3.6.1",
"refsource": "MISC",
"url": "https://docs.silverstripe.org/en/3/changelogs/3.6.1"
},
{
"name": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-installer/commit/c25478bef75cc5482852e80a1fa6f1f0e6460e39"
}
]
}
} }

32
2017/14xxx/CVE-2017-14654.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14654", "ID": "CVE-2017-14654",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/14xxx/CVE-2017-14891.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-26T00:00:00", "DATE_PUBLIC": "2018-03-26T00:00:00",
"ID" : "CVE-2017-14891", "ID": "CVE-2017-14891",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure in Graphics"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c", "description_data": [
"refsource" : "MISC", {
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c" "lang": "eng",
}, "value": "In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable."
{ }
"name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Information Exposure in Graphics"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-02-01"
}
]
}
} }

210
2017/15xxx/CVE-2017-15118.json
View File

@ -1,108 +1,108 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "anemec@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-15118", "ID": "CVE-2017-15118",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Qemu", "product_name": "Qemu",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.11" "version_value": "2.11"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "QEMU" "vendor_name": "QEMU"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "8.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version" : "3.0"
}
],
[
{
"vectorString" : "7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43194", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43194/" "lang": "eng",
}, "value": "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS."
{ }
"name" : "http://www.openwall.com/lists/oss-security/2017/11/28/8", ]
"refsource" : "MISC", },
"url" : "http://www.openwall.com/lists/oss-security/2017/11/28/8" "impact": {
}, "cvss": [
{ [
"name" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html", {
"refsource" : "MISC", "vectorString": "8.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html" "version": "3.0"
}, }
{ ],
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118", [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118" "vectorString": "7.5/AV:N/AC:L/Au:N/C:P/I:P/A:P",
}, "version": "2.0"
{ }
"name" : "RHSA-2018:1104", ]
"refsource" : "REDHAT", ]
"url" : "https://access.redhat.com/errata/RHSA-2018:1104" },
}, "problemtype": {
{ "problemtype_data": [
"name" : "USN-3575-1", {
"refsource" : "UBUNTU", "description": [
"url" : "https://usn.ubuntu.com/3575-1/" {
}, "lang": "eng",
{ "value": "CWE-121"
"name" : "101975", }
"refsource" : "BID", ]
"url" : "http://www.securityfocus.com/bid/101975" }
} ]
] },
} "references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118"
},
{
"name": "RHSA-2018:1104",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1104"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html"
},
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "101975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101975"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/11/28/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/11/28/8"
},
{
"name": "43194",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43194/"
}
]
}
} }

32
2017/8xxx/CVE-2017-8008.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-8008", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-8008",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/8xxx/CVE-2017-8292.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8292", "ID": "CVE-2017-8292",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/8xxx/CVE-2017-8757.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-09-12T00:00:00", "DATE_PUBLIC": "2017-09-12T00:00:00",
"ID" : "CVE-2017-8757", "ID": "CVE-2017-8757",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016." "version_value": "Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka \"Microsoft Edge Remote Code Execution Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757" "lang": "eng",
}, "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka \"Microsoft Edge Remote Code Execution Vulnerability\"."
{ }
"name" : "100721", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100721" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039326", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039326" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8757"
},
{
"name": "100721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100721"
},
{
"name": "1039326",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039326"
}
]
}
} }

248
2018/12xxx/CVE-2018-12020.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12020", "ID": "CVE-2018-12020",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwall.com/lists/oss-security/2018/06/08/2", "description_data": [
"refsource" : "MISC", {
"url" : "http://openwall.com/lists/oss-security/2018/06/08/2" "lang": "eng",
}, "value": "mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the \"--status-fd 2\" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes."
{ }
"name" : "https://dev.gnupg.org/T4012", ]
"refsource" : "MISC", },
"url" : "https://dev.gnupg.org/T4012" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html", "description": [
"refsource" : "MISC", {
"url" : "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", ]
"refsource" : "CONFIRM", }
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" ]
}, },
{ "references": {
"name" : "DSA-4222", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4222" "name": "USN-3675-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3675-2/"
"name" : "DSA-4223", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4223" "name": "RHSA-2018:2180",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2180"
"name" : "DSA-4224", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4224" "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html",
}, "refsource": "MISC",
{ "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html"
"name" : "RHSA-2018:2180", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2180" "name": "http://openwall.com/lists/oss-security/2018/06/08/2",
}, "refsource": "MISC",
{ "url": "http://openwall.com/lists/oss-security/2018/06/08/2"
"name" : "RHSA-2018:2181", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2181" "name": "DSA-4222",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4222"
"name" : "USN-3675-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3675-1/" "name": "RHSA-2018:2181",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2181"
"name" : "USN-3675-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3675-2/" "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
}, "refsource": "CONFIRM",
{ "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name" : "USN-3675-3", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3675-3/" "name": "DSA-4224",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4224"
"name" : "104450", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104450" "name": "104450",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/104450"
"name" : "1041051", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041051" "name": "DSA-4223",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4223"
} },
{
"name": "USN-3675-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3675-3/"
},
{
"name": "1041051",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041051"
},
{
"name": "USN-3675-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3675-1/"
},
{
"name": "https://dev.gnupg.org/T4012",
"refsource": "MISC",
"url": "https://dev.gnupg.org/T4012"
}
]
}
} }

32
2018/12xxx/CVE-2018-12556.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12556", "ID": "CVE-2018-12556",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/12xxx/CVE-2018-12732.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12732", "ID": "CVE-2018-12732",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

244
2018/13xxx/CVE-2018-13401.json
View File

@ -1,125 +1,125 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@atlassian.com", "ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC" : "2018-10-23T00:00:00", "DATE_PUBLIC": "2018-10-23T00:00:00",
"ID" : "CVE-2018-13401", "ID": "CVE-2018-13401",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jira", "product_name": "Jira",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "7.6.9" "version_value": "7.6.9"
}, },
{ {
"version_affected" : ">=", "version_affected": ">=",
"version_value" : "7.7.0" "version_value": "7.7.0"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "7.7.5" "version_value": "7.7.5"
}, },
{ {
"version_affected" : ">=", "version_affected": ">=",
"version_value" : "7.8.0" "version_value": "7.8.0"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "7.8.5" "version_value": "7.8.5"
}, },
{ {
"version_affected" : ">=", "version_affected": ">=",
"version_value" : "7.9.0" "version_value": "7.9.0"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "7.9.3" "version_value": "7.9.3"
}, },
{ {
"version_affected" : ">=", "version_affected": ">=",
"version_value" : "7.10.0" "version_value": "7.10.0"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "7.10.3" "version_value": "7.10.3"
}, },
{ {
"version_affected" : ">=", "version_affected": ">=",
"version_value" : "7.11.0" "version_value": "7.11.0"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "7.11.3" "version_value": "7.11.3"
}, },
{ {
"version_affected" : ">=", "version_affected": ">=",
"version_value" : "7.12.0" "version_value": "7.12.0"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "7.12.3" "version_value": "7.12.3"
}, },
{ {
"version_affected" : ">=", "version_affected": ">=",
"version_value" : "7.13.0" "version_value": "7.13.0"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "7.13.1" "version_value": "7.13.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Atlassian" "vendor_name": "Atlassian"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "URL Redirection to Untrusted Site ('Open Redirect')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jira.atlassian.com/browse/JRASERVER-68139", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jira.atlassian.com/browse/JRASERVER-68139" "lang": "eng",
}, "value": "The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability."
{ }
"name" : "105751", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105751" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "URL Redirection to Untrusted Site ('Open Redirect')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105751"
},
{
"name": "https://jira.atlassian.com/browse/JRASERVER-68139",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/JRASERVER-68139"
}
]
}
} }

128
2018/13xxx/CVE-2018-13648.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13648", "ID": "CVE-2018-13648",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for BGC, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BGC", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BGC" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BGC",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BGC"
}
]
}
} }

32
2018/13xxx/CVE-2018-13947.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13947", "ID": "CVE-2018-13947",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2018/16xxx/CVE-2018-16147.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16147", "ID": "CVE-2018-16147",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180904 [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "https://seclists.org/fulldisclosure/2018/Sep/3" "lang": "eng",
}, "value": "The data parameter of the /settings/api/router endpoint in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to Cross-Site Scripting."
{ }
"name" : "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities", ]
"refsource" : "MISC", },
"url" : "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://knowledge.opsview.com/v5.3/docs/whats-new", "description": [
"refsource" : "CONFIRM", {
"url" : "https://knowledge.opsview.com/v5.3/docs/whats-new" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://knowledge.opsview.com/v5.4/docs/whats-new", ]
"refsource" : "CONFIRM", }
"url" : "https://knowledge.opsview.com/v5.4/docs/whats-new" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "20180904 [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Sep/3"
},
{
"name": "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities"
},
{
"name": "https://knowledge.opsview.com/v5.3/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.3/docs/whats-new"
}
]
}
} }

248
2018/16xxx/CVE-2018-16396.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16396", "ID": "CVE-2018-16396",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html" "lang": "eng",
}, "value": "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats."
{ }
"name" : "https://hackerone.com/reports/385070", ]
"refsource" : "MISC", },
"url" : "https://hackerone.com/reports/385070" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/" ]
}, },
{ "references": {
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/" "name": "https://hackerone.com/reports/385070",
}, "refsource": "MISC",
{ "url": "https://hackerone.com/reports/385070"
"name" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/", },
"refsource" : "CONFIRM", {
"url" : "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/" "name": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/",
}, "refsource": "CONFIRM",
{ "url": "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/"
"name" : "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/", },
"refsource" : "CONFIRM", {
"url" : "https://www.ruby-lang.org/en/news/2018/11/06/ruby-2-6-0-preview3-released/" "name": "RHSA-2018:3729",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3729"
"name" : "https://security.netapp.com/advisory/ntap-20190221-0002/", },
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20190221-0002/" "name": "RHSA-2018:3730",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3730"
"name" : "DSA-4332", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4332" "name": "RHSA-2018:3731",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3731"
"name" : "RHSA-2018:3729", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3729" "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/",
}, "refsource": "CONFIRM",
{ "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-3-8-released/"
"name" : "RHSA-2018:3730", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3730" "name": "DSA-4332",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4332"
"name" : "RHSA-2018:3731", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3731" "name": "USN-3808-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3808-1/"
"name" : "USN-3808-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3808-1/" "name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/",
}, "refsource": "CONFIRM",
{ "url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-4-5-released/"
"name" : "1042106", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1042106" "name": "https://security.netapp.com/advisory/ntap-20190221-0002/",
} "refsource": "CONFIRM",
] "url": "https://security.netapp.com/advisory/ntap-20190221-0002/"
} },
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/"
},
{
"name": "[debian-lts-announce] 20181028 [SECURITY] [DLA 1558-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html"
},
{
"name": "1042106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042106"
}
]
}
} }

118
2018/16xxx/CVE-2018-16763.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16763", "ID": "CVE-2018-16763",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/daylightstudio/FUEL-CMS/issues/478", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/daylightstudio/FUEL-CMS/issues/478" "lang": "eng",
} "value": "FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/daylightstudio/FUEL-CMS/issues/478",
"refsource": "MISC",
"url": "https://github.com/daylightstudio/FUEL-CMS/issues/478"
}
]
}
} }

118
2018/16xxx/CVE-2018-16785.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16785", "ID": "CVE-2018-16785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ky-j/dedecms/issues/4", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ky-j/dedecms/issues/4" "lang": "eng",
} "value": "XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell"
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ky-j/dedecms/issues/4",
"refsource": "MISC",
"url": "https://github.com/ky-j/dedecms/issues/4"
}
]
}
} }

128
2018/16xxx/CVE-2018-16803.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16803", "ID": "CVE-2018-16803",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://twitter.com/DC3VDP/status/1083359509995753473", "description_data": [
"refsource" : "MISC", {
"url" : "https://twitter.com/DC3VDP/status/1083359509995753473" "lang": "eng",
}, "value": "In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code."
{ }
"name" : "https://www.linkedin.com/feed/update/urn:li:activity:6489145511902212096/", ]
"refsource" : "MISC", },
"url" : "https://www.linkedin.com/feed/update/urn:li:activity:6489145511902212096/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.linkedin.com/feed/update/urn:li:activity:6489145511902212096/",
"refsource": "MISC",
"url": "https://www.linkedin.com/feed/update/urn:li:activity:6489145511902212096/"
},
{
"name": "https://twitter.com/DC3VDP/status/1083359509995753473",
"refsource": "MISC",
"url": "https://twitter.com/DC3VDP/status/1083359509995753473"
}
]
}
} }

32
2018/4xxx/CVE-2018-4585.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4585", "ID": "CVE-2018-4585",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/4xxx/CVE-2018-4905.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4905", "ID": "CVE-2018-4905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" "lang": "eng",
}, "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure."
{ }
"name" : "102996", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102996" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040364", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040364" "lang": "eng",
} "value": "Out-of-bounds read"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "102996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102996"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
},
{
"name": "1040364",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040364"
}
]
}
} }