Skip to content

Commit 42fc6b8

Browse files
committed
add: AVE-2008-0003
1 parent 6813700 commit 42fc6b8

3 files changed

Lines changed: 76 additions & 57 deletions

File tree

vulns/1999/AVE-1999-0025.toml

Lines changed: 26 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,25 +1,35 @@
1+
[id]
2+
ave_id = "AVE-1999-0025"
3+
cve_id = "CVE-1999-0719"
4+
aliases = ["CVE-1999-0719"]
5+
16
[basic]
2-
description = "Vulnerability identified as CVE-1999-0719. Please refer to vendor advisory for details."
3-
published = "2026-07-10"
4-
remediation = "Refer to vendor advisory and upgrade to fixed version."
5-
score = 5.0
7+
title = "Gnumeric 电子表格 Guile 插件任意代码执行漏洞"
8+
description = "Gnumeric 电子表格的 Guile 插件存在任意代码执行漏洞。攻击者可通过特制的电子表格文件触发 Guile 脚本解释器执行任意命令,由于 Guile 作为 GNU 扩展脚本语言在处理恶意构造的文件时可能绕过安全限制执行系统命令,导致目标系统被控制。"
69
severity = "MEDIUM"
10+
score = 4.6
11+
published = "1999-07-23"
12+
updated = "2026-06-16"
13+
remediation = "建议升级 Gnumeric 至修复版本,或禁用 Guile 插件扩展以防止恶意电子表格文件触发任意代码执行。"
714
sources = ["redhat"]
8-
title = "CVE-1999-0719 vulnerability"
9-
updated = "2026-07-10"
15+
16+
[score]
17+
cvss_v2 = 4.6
18+
cvss_v2_vector = "AV:L/AC:L/Au:N/C:P/I:P/A:P"
19+
20+
[affected]
21+
vendor = "GNOME"
22+
product = "Gnumeric"
23+
24+
[references]
25+
nvd = "https://nvd.nist.gov/vuln/detail/CVE-1999-0719"
26+
other = ["http://www.securityfocus.com/bid/563"]
1027

1128
[exploit]
12-
exp_urls = []
1329
poc_urls = []
14-
15-
[id]
16-
aliases = ["CVE-1999-0719"]
17-
ave_id = "AVE-1999-0025"
18-
cve_id = "CVE-1999-0719"
30+
exp_urls = []
31+
nuclei_templates = []
1932

2033
[meta]
21-
collected_at = "2026-07-10T12:38:13.024326272+00:00"
34+
collected_at = "2026-07-10T12:39:27Z"
2235
status = "completed"
23-
24-
[references]
25-
urls = []

vulns/1999/AVE-1999-0213.toml

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,31 @@
1+
[id]
2+
ave_id = "AVE-1999-0213"
3+
cve_id = "CVE-1999-0289"
4+
aliases = ["CVE-1999-0289"]
5+
6+
[basic]
7+
title = "Apache HTTP Server for Win32 点号追加路径信息泄露漏洞"
8+
description = "Apache HTTP Server Windows版本在处理URL时存在路径信息泄露漏洞。当攻击者在请求URL后追加一个点号(.)时,Apache可能绕过访问控制机制,导致受限文件被未经授权访问。此漏洞仅影响Windows平台上的Apache HTTP Server,攻击者可通过网络远程利用,无需身份认证,导致敏感信息泄露。"
9+
severity = "MEDIUM"
10+
score = 5.0
11+
remediation = "升级 Apache HTTP Server 至不受影响的版本,或在服务器配置中对 URL 请求进行规范化处理,过滤并拒绝以点号结尾的请求路径。对于 Windows 平台部署的 Apache 服务,建议使用 URL 重写规则拦截此类畸形请求。"
12+
sources = ["cve"]
13+
published = "1999-12-12"
14+
updated = "2026-06-16"
15+
16+
[affected]
17+
vendor = "apache"
18+
product = "http_server"
19+
20+
[exploit]
21+
poc_urls = []
22+
exp_urls = []
23+
nuclei_templates = []
24+
25+
[references]
26+
nvd = "https://nvd.nist.gov/vuln/detail/CVE-1999-0289"
27+
other = ["https://www.cve.org/CVERecord?id=CVE-1999-0289"]
28+
29+
[meta]
30+
collected_at = "2026-07-11T00:00:00Z"
31+
status = "completed"

vulns/2008/AVE-2008-0003.toml

Lines changed: 19 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -1,47 +1,25 @@
1-
[id]
2-
ave_id = "AVE-2008-0003"
3-
cve_id = "CVE-2008-2992"
4-
aliases = ["CVE-2008-2992"]
5-
61
[basic]
7-
title = "Adobe Acrobat/Reader util.printf JavaScript 函数栈缓冲区溢出漏洞"
8-
description = "Adobe Acrobat 和 Reader 8.1.2 及之前版本中存在栈缓冲区溢出漏洞(CWE-119/CWE-787)。该漏洞源于 util.printf JavaScript 函数在处理特制格式字符串参数时存在输入验证缺陷,攻击者可通过构造恶意 PDF 文件并诱导用户打开,触发栈缓冲区溢出,最终实现远程代码执行。该漏洞已被 CISA 列入已知被利用漏洞目录(KEV),影响范围广泛。"
9-
severity = "HIGH"
10-
score = 7.8
11-
cvss_v3 = "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
12-
cvss_v2 = "(AV:N/AC:M/Au:N/C:C/I:C/A:C)"
13-
cvss_v2_score = 9.3
14-
published = "2008-11-04"
15-
updated = "2025-02-10"
16-
sources = ["nvd", "kev", "exploit-db"]
17-
remediation = "升级 Adobe Acrobat 或 Reader 至 8.1.3 及以上版本,参照 APSB08-19 安全公告安装官方补丁。若无法立即升级,建议禁用浏览器中的 PDF 插件或使用替代 PDF 阅读器。"
18-
19-
[affected]
20-
vendor = "Adobe"
21-
product = "Acrobat and Reader"
22-
23-
[references]
24-
urls = [
25-
"https://nvd.nist.gov/vuln/detail/CVE-2008-2992",
26-
"http://www.adobe.com/support/security/bulletins/apsb08-19.html",
27-
"http://www.coresecurity.com/content/adobe-reader-buffer-overflow",
28-
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2008-2992",
29-
"http://www.securityfocus.com/bid/30035",
30-
"http://www.zerodayinitiative.com/advisories/ZDI-08-072/",
31-
"http://www.kb.cert.org/vuls/id/593409"
32-
]
2+
description = ""
3+
published = ""
4+
remediation = "Refer to vendor advisory and upgrade to fixed version."
5+
score = 0.0
6+
severity = "UNKNOWN"
7+
sources = ["kev"]
8+
title = "CVE-2008-2992 漏洞"
9+
updated = ""
3310

3411
[exploit]
35-
poc_urls = [
36-
"https://www.exploit-db.com/exploits/6994",
37-
"https://www.exploit-db.com/exploits/7006"
38-
]
39-
exp_urls = [
40-
"https://www.exploit-db.com/exploits/7006"
41-
]
42-
nuclei_templates = []
12+
exp_urls = []
13+
poc_urls = []
14+
15+
[id]
16+
aliases = ["CVE-2008-2992"]
17+
ave_id = "AVE-2008-0003"
18+
cve_id = "CVE-2008-2992"
4319

4420
[meta]
21+
collected_at = "2026-07-10T22:44:36.492552111+00:00"
4522
status = "completed"
46-
collected_at = "2026-07-10T12:52:03.177870032Z"
47-
authenticity = { confidence = "high", evidence = "CISA KEV confirmed active exploitation, public PoC/EXP available" }
23+
24+
[references]
25+
urls = []

0 commit comments

Comments
 (0)