In [10]:
import os, time, json, requests, pandas as pd
from pathlib import Path

In [21]:
import os, time, json, requests, pandas as pd
from pathlib import Path

# ── config ─────────────────────────────────────────────────────────────
API_URL      = "https://services.nvd.nist.gov/rest/json/cves/2.0"
API_KEY      = os.getenv("NVD_API_KEY") or "ea5501a5-24fe-4720-80e3-2abed401d92f"
WHITELIST    = Path("../data/whitelist1.csv")
OUTFILE      = Path("../data/cves1.parquet")
RATE_SECS    = 1.0
PER_PAGE     = 2000
PROGRESS_EVERY = 25                # how often to print a status line
# ───────────────────────────────────────────────────────────────────────

def fetch_cves_for_cpe(cpe_uri: str) -> list[dict]:
    """
    Return ALL CVE JSON blobs for a single CPE URI, 
    restricted to those published between 2023-01-01 and 2024-12-31 (inclusive).
    • If version is "-" or "*", we trim after the product name so that `cpeName` is valid.
    """
    parts = cpe_uri.split(":")
    if len(parts) < 6:
        return []

    # If version is "*" or "-", trim to cpe:2.3:<part>:<vendor>:<product>
    version = parts[5]
    if version in ["*", "-"]:
        cpe_query = ":".join(parts[:6])  # part-vendor-product only
    else:
        cpe_query = cpe_uri

    all_items, start = [], 0
    headers = {"apiKey": API_KEY}

    # Define the publication date window (RFC3339 format)
    pub_start = "2023-01-01T00:00:00+00:00"
    pub_end   = "2024-12-31T23:59:59+00:00"

    while True:
        params = {
            "cpeName":        cpe_query,
            "resultsPerPage": PER_PAGE,
            "startIndex":     start,
            "pubStartDate":   pub_start,
            "pubEndDate":     pub_end
        }
        r = requests.get(API_URL, headers=headers, params=params, timeout=30)
        if r.status_code != 200:
            print(f"⚠️  {cpe_query[:70]} → {r.status_code}")
            break

        data  = r.json()
        items = data.get("vulnerabilities", [])
        if not items:
            break

        all_items.extend(items)
        start += PER_PAGE
        if start >= data.get("totalResults", 0):
            break

        time.sleep(RATE_SECS)

    return all_items

def flatten(v: dict, cpe_uri: str) -> dict:
    cve      = v["cve"]
    metrics  = cve.get("metrics", {})
    cvss31   = metrics.get("cvssMetricV31", [{}])[0].get("cvssData", {})
    cvss30   = metrics.get("cvssMetricV30", [{}])[0].get("cvssData", {})
    cvss     = cvss31 or cvss30
    descr    = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
    cwes     = [
        d["value"] for w in cve.get("weaknesses", [])
        for d in w.get("description", []) if d.get("lang") == "en"
    ]
    refs     = "|".join(r["url"] for r in cve.get("references", [])[:10])

    return {
        "cve_id":            cve["id"],
        "cpe_name":          cpe_uri,
        "published":         cve.get("published"),
        "last_modified":     cve.get("lastModified"),

        "cvss_base":         cvss.get("baseScore"),
        "severity":          cvss.get("baseSeverity"),
        "attack_vector":     cvss.get("attackVector"),
        "attack_complexity": cvss.get("attackComplexity"),
        "priv_required":     cvss.get("privilegesRequired"),
        "user_interact":     cvss.get("userInteraction"),

        "cwes":              ";".join(cwes) if cwes else None,
        "description":       descr[:1000],
        "references":        refs,
        "full_json":         v,
    }

# ── 1. load whitelist ─────────────────────────────────────────────────
cpe_list = (
    pd.read_csv(WHITELIST, dtype=str)["cpeName"]
      .dropna()
      .unique()
)
print(f"📋  {len(cpe_list):,} unique CPEs to query")

# ── 2. query API ───────────────────────────────────────────────────────
rows = []
for idx, cpe in enumerate(cpe_list, start=1):
    # Print progress every PROGRESS_EVERY CPEs (or at the first one)
    if idx % PROGRESS_EVERY == 0 or idx == 1:
        print(f"  → {idx}/{len(cpe_list)}   {cpe[:70]}…")

    # Call the API for this CPE and flatten each returned CVE
    for vuln in fetch_cves_for_cpe(cpe):
        rows.append(flatten(vuln, cpe))

print("✔️  API queries finished")

📋  1,000 unique CPEs to query
  → 1/1000   cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*…
⚠️  cpe:2.3:a:adobe:acrobat:- → 404
⚠️  cpe:2.3:a:adobe:acrobat:- → 404
⚠️  cpe:2.3:a:adobe:acrobat:1.0:*:*:*:suite:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.0.1:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.0.1:-:pro:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.0.2:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.0.3:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.0:-:pro:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.1.0:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.1.10:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.1.11:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.1.12:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.1.13:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.1.14:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.1.15:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3:a:adobe:acrobat:10.1.16:*:*:*:*:*:*:* → 404
⚠️  cpe:2.3

KeyboardInterrupt: 

In [17]:
# ── 2. query API ───────────────────────────────────────────────────────
rows = []
for idx, cpe in enumerate(cpe_list, start=1):
    # Print progress every PROGRESS_EVERY CPEs (or at the first one)
    if idx % PROGRESS_EVERY == 0 or idx == 1:
        print(f"  → {idx}/{len(cpe_list)}   {cpe[:70]}…")

    # Call the API for this CPE and flatten each returned CVE
    for vuln in fetch_cves_for_cpe(cpe):
        rows.append(flatten(vuln, cpe))

print("✔️  API queries finished")

  → 1/1000   cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*…
⚠️ cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:-:*:*:*:*:android:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:1.0:*:*:*:suite:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.0.1:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.0.1:-:pro:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.0.2:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.0.3:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.0:-:pro:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.1.0:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.1.10:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.1.11:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.1.12:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.1.13:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.1.14:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.1.15:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrobat:10.1.16:*:*:*:*:*:*:* → 404
⚠️ cpe:2.3:a:adobe:acrob

KeyboardInterrupt: 

In [18]:
# ── 3. build DataFrame & de-dup ────────────────────────────────────────
df = (
    pd.DataFrame(rows)
      .drop_duplicates(subset=["cve_id", "cpe_name"])
      .reset_index(drop=True)
)
print(f"🗂  {df.shape[0]:,} CVE–CPE rows collected")

🗂  0 CVE–CPE rows collected


In [9]:
df.info()

<class 'pandas.core.frame.DataFrame'>
RangeIndex: 381354 entries, 0 to 381353
Data columns (total 14 columns):
 #   Column             Non-Null Count   Dtype  
---  ------             --------------   -----  
 0   cve_id             381354 non-null  object 
 1   cpe_name           381354 non-null  object 
 2   published          381354 non-null  object 
 3   last_modified      381354 non-null  object 
 4   cvss_base          347353 non-null  float64
 5   severity           347353 non-null  object 
 6   attack_vector      347353 non-null  object 
 7   attack_complexity  347353 non-null  object 
 8   priv_required      347353 non-null  object 
 9   user_interact      347353 non-null  object 
 10  cwes               381354 non-null  object 
 11  description        381354 non-null  object 
 12  references         381354 non-null  object 
 13  full_json          381354 non-null  object 
dtypes: float64(1), object(13)
memory usage: 40.7+ MB


In [10]:
# ── 4. save ────────────────────────────────────────────────────────────
df.to_parquet(OUTFILE, index=False)
print(f"✅  Saved to {OUTFILE.resolve()}")

✅  Saved to C:\Users\hgbtx\Desktop\MIS433\final-project\cyber-risk-scoring\data\cves1.parquet


In [None]:
# Replace with your actual file path
PARQUET_PATH = "../data/cves1.parquet"

# Default engine is auto-detected (PyArrow > Fastparquet)
df = pd.read_parquet(PARQUET_PATH)

# Confirm it loaded correctly
print(df.shape)     # e.g. (15000, 14)
df.info(memory_usage="deep")
df.head()

In [7]:
import polars as pl

# Replace with your actual file path
PARQUET_PATH = '../data/cves1.parquet'

df_polars = pl.read_parquet(PARQUET_PATH)
df_polars.

Rows: 381354
Columns: 14
$ cve_id                  <str> 'CVE-2006-5857', 'CVE-2008-0655', 'CVE-2007-5659', 'CVE-2007-5663', 'CVE-2007-5666', 'CVE-2008-0726', 'CVE-2008-2042', 'CVE-2008-2992', 'CVE-2009-0928', 'CVE-2009-3459'
$ cpe_name                <str> 'cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*', 'cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*', 'cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*', 'cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*', 'cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*', 'cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*', 'cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*', 'cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*', 'cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*', 'cpe:2.3:a:adobe:acrobat:-:*:*:*:*:*:*:*'
$ published               <str> '2006-12-31T05:00:00.000', '2008-02-07T21:00:00.000', '2008-02-12T19:00:00.000', '2008-02-12T19:00:00.000', '2008-02-12T19:00:00.000', '2008-02-12T20:00:00.000', '2008-05-08T00:20:00.000', '2008-11-04T18:29:47.667', '2009-03-25T01:30:00.547', '2009-10-13T10:30:00.577'
$ last_modif

In [8]:
df_polars

cve_id,cpe_name,published,last_modified,cvss_base,severity,attack_vector,attack_complexity,priv_required,user_interact,cwes,description,references,full_json
str,str,str,str,f64,str,str,str,str,str,str,str,str,struct[1]
"""CVE-2006-5857""","""cpe:2.3:a:adobe:acrobat:-:*:*:…","""2006-12-31T05:00:00.000""","""2025-04-09T00:30:58.490""",,,,,,,"""CWE-399""","""Adobe Reader and Acrobat 7.0.8…","""http://archives.neohapsis.com/…","{{null,null,null,null,[{[{[{""cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*"",""A8952F31-76A0-4BA7-9FD3-FA3A69C77017"",null,""7.0.8"",null,null,true}, {""cpe:2.3:a:adobe:acrobat:3.0:*:*:*:*:*:*:*"",""465F9134-DD86-4F13-8C39-949BE6E7389A"",null,null,null,null,true}, … {""cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*"",""623324C2-C8B5-4C3C-9C10-9677D5A6740A"",null,null,null,null,true}],false,""OR""}],null}],[],[{""en"",""Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.""}, {""es"",""Adobe Reader y Acrobat 7.0.8 y anteriores permite a atacantes remotos con la intervención del usuario ejecutar código mediante un archivo PDF manipulado que dispara una corrupción de memoria y sobrescribe un puntero de subrutina durante el dibujado.""}],null,null,null,""CVE-2006-5857"",""2025-04-09T00:30:58.490"",{[{false,""HIGH"",{""MEDIUM"",""NETWORK"",""NONE"",""COMPLETE"",9.3,""COMPLETE"",""COMPLETE"",""AV:N/AC:M/Au:N/C:C/I:C/A:C"",""2.0""},8.6,10.0,true,false,false,""nvd@nist.gov"",""Primary"",true}],null,null},""2006-12-31T05:00:00.000"",[{""cve@mitre.org"",null,""http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0200.html""}, {""cve@mitre.org"",null,""http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html""}, … {""af854a3a-2127-422b-91ae-364da2661108"",null,""https://rhn.redhat.com/errata/RHSA-2007-0017.html""}],""cve@mitre.org"",null,""Deferred"",[{[{""en"",""CWE-399""}],""nvd@nist.gov"",""Primary""}]}}"
"""CVE-2008-0655""","""cpe:2.3:a:adobe:acrobat:-:*:*:…","""2008-02-07T21:00:00.000""","""2025-04-09T00:30:58.490""",9.8,"""CRITICAL""","""NETWORK""","""LOW""","""NONE""","""NONE""","""NVD-CWE-noinfo;CWE-200""","""Multiple unspecified vulnerabi…","""http://blogs.adobe.com/acrorea…","{{""2022-06-22"",""2022-06-08"",""Apply updates per vendor instructions."",""Adobe Acrobat and Reader Unspecified Vulnerability"",[{[{[{""cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*"",""B1BF2209-B59C-497A-AEA7-154C1A140157"",""8.1.2"",null,null,null,true}],false,""OR""}],null}, {[{[{""cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*"",""AC62F510-1939-40B4-A219-84FE2C1F7CCA"",""8.1.2"",null,null,null,true}],false,""OR""}],null}],[],[{""en"",""Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.""}, {""es"",""Múltiples vulnerabilidades no especificadas en Adobe Reader y Acrobat anterior a la versión 8.1.2 tienen vectores de impacto y ataque desconocidos.""}],null,null,null,""CVE-2008-0655"",""2025-04-09T00:30:58.490"",{[{false,""HIGH"",{""MEDIUM"",""NETWORK"",""NONE"",""COMPLETE"",9.3,""COMPLETE"",""COMPLETE"",""AV:N/AC:M/Au:N/C:C/I:C/A:C"",""2.0""},8.6,10.0,false,false,false,""nvd@nist.gov"",""Primary"",true}],null,[{{""LOW"",""NETWORK"",""HIGH"",9.8,""CRITICAL"",""HIGH"",""HIGH"",""NONE"",""UNCHANGED"",""NONE"",""CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"",""3.1""},3.9,5.9,""nvd@nist.gov"",""Primary""}, {{""LOW"",""NETWORK"",""HIGH"",9.8,""CRITICAL"",""HIGH"",""HIGH"",""NONE"",""UNCHANGED"",""NONE"",""CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"",""3.1""},3.9,5.9,""134c704f-9b21-4f2e-91b3-4a467353bcc0"",""Secondary""}]},""2008-02-07T21:00:00.000"",[{""cve@mitre.org"",[""Broken Link""],""http://blogs.adobe.com/acroread/2008/02/adobe_reader_812_for_linux_and.html""}, {""cve@mitre.org"",[""Vendor Advisory""],""http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1""}, … {""af854a3a-2127-422b-91ae-364da2661108"",[""Broken Link""],""https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10299""}],""cve@mitre.org"",null,""Deferred"",[{[{""en"",""NVD-CWE-noinfo""}],""nvd@nist.gov"",""Primary""}, {[{""en"",""CWE-200""}],""134c704f-9b21-4f2e-91b3-4a467353bcc0"",""Secondary""}]}}"
"""CVE-2007-5659""","""cpe:2.3:a:adobe:acrobat:-:*:*:…","""2008-02-12T19:00:00.000""","""2025-04-09T00:30:58.490""",7.8,"""HIGH""","""LOCAL""","""LOW""","""NONE""","""REQUIRED""","""CWE-120;CWE-120""","""Multiple buffer overflows in A…","""http://labs.idefense.com/intel…","{{""2022-06-22"",""2022-06-08"",""Apply updates per vendor instructions."",""Adobe Acrobat and Reader Buffer Overflow Vulnerability"",[{[{[{""cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*"",""B1BF2209-B59C-497A-AEA7-154C1A140157"",""8.1.2"",null,null,null,true}, {""cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*"",""AC62F510-1939-40B4-A219-84FE2C1F7CCA"",""8.1.2"",null,null,null,true}],false,""OR""}],null}],[],[{""en"",""Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.""}, {""es"",""Múltiples desbordamientos de búfer en Adobe Reader and Acrobat 8.1.1 y anteriores permiten a atacantes remotos ejecutar código de su elección a través de ficheros PDF con argumentos largos de métodos no especificados de JavaScript. NOTA: esta cuestión podría ser subsumida por CVE-2008-0655.""}],null,null,null,""CVE-2007-5659"",""2025-04-09T00:30:58.490"",{[{false,""HIGH"",{""MEDIUM"",""NETWORK"",""NONE"",""COMPLETE"",9.3,""COMPLETE"",""COMPLETE"",""AV:N/AC:M/Au:N/C:C/I:C/A:C"",""2.0""},8.6,10.0,true,false,false,""nvd@nist.gov"",""Primary"",true}],null,[{{""LOW"",""LOCAL"",""HIGH"",7.8,""HIGH"",""HIGH"",""HIGH"",""NONE"",""UNCHANGED"",""REQUIRED"",""CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"",""3.1""},1.8,5.9,""nvd@nist.gov"",""Primary""}, {{""LOW"",""LOCAL"",""HIGH"",7.8,""HIGH"",""HIGH"",""HIGH"",""NONE"",""UNCHANGED"",""REQUIRED"",""CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"",""3.1""},1.8,5.9,""134c704f-9b21-4f2e-91b3-4a467353bcc0"",""Secondary""}]},""2008-02-12T19:00:00.000"",[{""cve@mitre.org"",[""Broken Link""],""http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657""}, {""cve@mitre.org"",[""Broken Link""],""http://secunia.com/advisories/29065""}, … {""af854a3a-2127-422b-91ae-364da2661108"",[""Broken Link""],""https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9813""}],""cve@mitre.org"",null,""Deferred"",[{[{""en"",""CWE-120""}],""nvd@nist.gov"",""Primary""}, {[{""en"",""CWE-120""}],""134c704f-9b21-4f2e-91b3-4a467353bcc0"",""Secondary""}]}}"
"""CVE-2007-5663""","""cpe:2.3:a:adobe:acrobat:-:*:*:…","""2008-02-12T19:00:00.000""","""2025-04-09T00:30:58.490""",,,,,,,"""CWE-94""","""Adobe Reader and Acrobat 8.1.1…","""http://labs.idefense.com/intel…","{{null,null,null,null,[{[{[{""cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*"",""3A068220-ADFE-46F0-AE35-3355BEFEECD9"",null,""8.1.1"",null,null,true}, {""cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*"",""82321E60-2553-41E2-A4F4-375CFF011C0A"",null,""8.1.1"",null,null,true}],false,""OR""}],null}],[],[{""en"",""Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.""}, {""es"",""Adobe Reader y Acrobat 8.1.1 y anteriores permite a atacantes remotos ejecutar código de su elección a través de un archivo PDF manipulado que llama a un método JavaScript inseguro en el complemento EScript.api. NOTA: este problema podría estar incluido en CVE-2008-0655.""}],null,null,null,""CVE-2007-5663"",""2025-04-09T00:30:58.490"",{[{false,""HIGH"",{""MEDIUM"",""NETWORK"",""NONE"",""COMPLETE"",9.3,""COMPLETE"",""COMPLETE"",""AV:N/AC:M/Au:N/C:C/I:C/A:C"",""2.0""},8.6,10.0,true,false,false,""nvd@nist.gov"",""Primary"",true}],null,null},""2008-02-12T19:00:00.000"",[{""cve@mitre.org"",null,""http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656""}, {""cve@mitre.org"",null,""http://secunia.com/advisories/29065""}, … {""af854a3a-2127-422b-91ae-364da2661108"",null,""https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9928""}],""cve@mitre.org"",null,""Deferred"",[{[{""en"",""CWE-94""}],""nvd@nist.gov"",""Primary""}]}}"
"""CVE-2007-5666""","""cpe:2.3:a:adobe:acrobat:-:*:*:…","""2008-02-12T19:00:00.000""","""2025-04-09T00:30:58.490""",,,,,,,"""CWE-94""","""Untrusted search path vulnerab…","""http://labs.idefense.com/intel…","{{null,null,null,null,[{[{[{""cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*"",""3A068220-ADFE-46F0-AE35-3355BEFEECD9"",null,""8.1.1"",null,null,true}, {""cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*"",""82321E60-2553-41E2-A4F4-375CFF011C0A"",null,""8.1.1"",null,null,true}],false,""OR""}],null}],[],[{""en"",""Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.""}, {""es"",""Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.1 y anteriores permite a usuarios locales ejecutar código de su elección a través de una librería maliciosa del proveedor de Seguridad en el directorio de trabajo actual de los lectores. NOTA: este asunto podría estar subsumido por CVE-2008-0655.""}],null,null,null,""CVE-2007-5666"",""2025-04-09T00:30:58.490"",{[{false,""MEDIUM"",{""HIGH"",""LOCAL"",""NONE"",""COMPLETE"",6.2,""COMPLETE"",""COMPLETE"",""AV:L/AC:H/Au:N/C:C/I:C/A:C"",""2.0""},1.9,10.0,true,false,false,""nvd@nist.gov"",""Primary"",false}],null,null},""2008-02-12T19:00:00.000"",[{""cve@mitre.org"",null,""http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655""}, {""cve@mitre.org"",[""Vendor Advisory""],""http://secunia.com/advisories/29065""}, … {""af854a3a-2127-422b-91ae-364da2661108"",null,""https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11161""}],""cve@mitre.org"",null,""Deferred"",[{[{""en"",""CWE-94""}],""nvd@nist.gov"",""Primary""}]}}"
…,…,…,…,…,…,…,…,…,…,…,…,…,…
"""CVE-2019-15566""","""cpe:2.3:a:alfresco:alfresco:1.…","""2019-08-26T15:15:12.437""","""2024-11-21T04:29:01.870""",9.8,"""CRITICAL""","""NETWORK""","""LOW""","""NONE""","""NONE""","""CWE-89""","""The Alfresco application befor…","""https://github.com/Alfresco/al…","{{null,null,null,null,[{[{[{""cpe:2.3:a:alfresco:alfresco:*:*:*:*:*:android:*:*"",""4CF85BEF-59EC-4815-B33C-00F97AC2C0ED"",""1.8.7"",null,null,null,true}],false,""OR""}],null}],[],[{""en"",""The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.""}, {""es"",""La aplicación Alfresco anterior a 1.8.7 para Android permite la inyección SQL en HistorySearchProvider.java.""}],null,null,null,""CVE-2019-15566"",""2024-11-21T04:29:01.870"",{[{false,""HIGH"",{""LOW"",""NETWORK"",""NONE"",""PARTIAL"",7.5,""PARTIAL"",""PARTIAL"",""AV:N/AC:L/Au:N/C:P/I:P/A:P"",""2.0""},10.0,6.4,false,false,false,""nvd@nist.gov"",""Primary"",false}],[{{""LOW"",""NETWORK"",""HIGH"",9.8,""CRITICAL"",""HIGH"",""HIGH"",""NONE"",""UNCHANGED"",""NONE"",""CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"",""3.0""},3.9,5.9,""nvd@nist.gov"",""Primary""}],null},""2019-08-26T15:15:12.437"",[{""cve@mitre.org"",[""Patch"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/pull/547""}, {""cve@mitre.org"",[""Release Notes"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7""}, … {""af854a3a-2127-422b-91ae-364da2661108"",[""Release Notes"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7""}],""cve@mitre.org"",null,""Modified"",[{[{""en"",""CWE-89""}],""nvd@nist.gov"",""Primary""}]}}"
"""CVE-2019-15566""","""cpe:2.3:a:alfresco:alfresco:1.…","""2019-08-26T15:15:12.437""","""2024-11-21T04:29:01.870""",9.8,"""CRITICAL""","""NETWORK""","""LOW""","""NONE""","""NONE""","""CWE-89""","""The Alfresco application befor…","""https://github.com/Alfresco/al…","{{null,null,null,null,[{[{[{""cpe:2.3:a:alfresco:alfresco:*:*:*:*:*:android:*:*"",""4CF85BEF-59EC-4815-B33C-00F97AC2C0ED"",""1.8.7"",null,null,null,true}],false,""OR""}],null}],[],[{""en"",""The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.""}, {""es"",""La aplicación Alfresco anterior a 1.8.7 para Android permite la inyección SQL en HistorySearchProvider.java.""}],null,null,null,""CVE-2019-15566"",""2024-11-21T04:29:01.870"",{[{false,""HIGH"",{""LOW"",""NETWORK"",""NONE"",""PARTIAL"",7.5,""PARTIAL"",""PARTIAL"",""AV:N/AC:L/Au:N/C:P/I:P/A:P"",""2.0""},10.0,6.4,false,false,false,""nvd@nist.gov"",""Primary"",false}],[{{""LOW"",""NETWORK"",""HIGH"",9.8,""CRITICAL"",""HIGH"",""HIGH"",""NONE"",""UNCHANGED"",""NONE"",""CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"",""3.0""},3.9,5.9,""nvd@nist.gov"",""Primary""}],null},""2019-08-26T15:15:12.437"",[{""cve@mitre.org"",[""Patch"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/pull/547""}, {""cve@mitre.org"",[""Release Notes"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7""}, … {""af854a3a-2127-422b-91ae-364da2661108"",[""Release Notes"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7""}],""cve@mitre.org"",null,""Modified"",[{[{""en"",""CWE-89""}],""nvd@nist.gov"",""Primary""}]}}"
"""CVE-2019-15566""","""cpe:2.3:a:alfresco:alfresco:1.…","""2019-08-26T15:15:12.437""","""2024-11-21T04:29:01.870""",9.8,"""CRITICAL""","""NETWORK""","""LOW""","""NONE""","""NONE""","""CWE-89""","""The Alfresco application befor…","""https://github.com/Alfresco/al…","{{null,null,null,null,[{[{[{""cpe:2.3:a:alfresco:alfresco:*:*:*:*:*:android:*:*"",""4CF85BEF-59EC-4815-B33C-00F97AC2C0ED"",""1.8.7"",null,null,null,true}],false,""OR""}],null}],[],[{""en"",""The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.""}, {""es"",""La aplicación Alfresco anterior a 1.8.7 para Android permite la inyección SQL en HistorySearchProvider.java.""}],null,null,null,""CVE-2019-15566"",""2024-11-21T04:29:01.870"",{[{false,""HIGH"",{""LOW"",""NETWORK"",""NONE"",""PARTIAL"",7.5,""PARTIAL"",""PARTIAL"",""AV:N/AC:L/Au:N/C:P/I:P/A:P"",""2.0""},10.0,6.4,false,false,false,""nvd@nist.gov"",""Primary"",false}],[{{""LOW"",""NETWORK"",""HIGH"",9.8,""CRITICAL"",""HIGH"",""HIGH"",""NONE"",""UNCHANGED"",""NONE"",""CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"",""3.0""},3.9,5.9,""nvd@nist.gov"",""Primary""}],null},""2019-08-26T15:15:12.437"",[{""cve@mitre.org"",[""Patch"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/pull/547""}, {""cve@mitre.org"",[""Release Notes"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7""}, … {""af854a3a-2127-422b-91ae-364da2661108"",[""Release Notes"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7""}],""cve@mitre.org"",null,""Modified"",[{[{""en"",""CWE-89""}],""nvd@nist.gov"",""Primary""}]}}"
"""CVE-2019-15566""","""cpe:2.3:a:alfresco:alfresco:1.…","""2019-08-26T15:15:12.437""","""2024-11-21T04:29:01.870""",9.8,"""CRITICAL""","""NETWORK""","""LOW""","""NONE""","""NONE""","""CWE-89""","""The Alfresco application befor…","""https://github.com/Alfresco/al…","{{null,null,null,null,[{[{[{""cpe:2.3:a:alfresco:alfresco:*:*:*:*:*:android:*:*"",""4CF85BEF-59EC-4815-B33C-00F97AC2C0ED"",""1.8.7"",null,null,null,true}],false,""OR""}],null}],[],[{""en"",""The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java.""}, {""es"",""La aplicación Alfresco anterior a 1.8.7 para Android permite la inyección SQL en HistorySearchProvider.java.""}],null,null,null,""CVE-2019-15566"",""2024-11-21T04:29:01.870"",{[{false,""HIGH"",{""LOW"",""NETWORK"",""NONE"",""PARTIAL"",7.5,""PARTIAL"",""PARTIAL"",""AV:N/AC:L/Au:N/C:P/I:P/A:P"",""2.0""},10.0,6.4,false,false,false,""nvd@nist.gov"",""Primary"",false}],[{{""LOW"",""NETWORK"",""HIGH"",9.8,""CRITICAL"",""HIGH"",""HIGH"",""NONE"",""UNCHANGED"",""NONE"",""CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"",""3.0""},3.9,5.9,""nvd@nist.gov"",""Primary""}],null},""2019-08-26T15:15:12.437"",[{""cve@mitre.org"",[""Patch"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/pull/547""}, {""cve@mitre.org"",[""Release Notes"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7""}, … {""af854a3a-2127-422b-91ae-364da2661108"",[""Release Notes"", ""Third Party Advisory""],""https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7""}],""cve@mitre.org"",null,""Modified"",[{[{""en"",""CWE-89""}],""nvd@nist.gov"",""Primary""}]}}"
