admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 07:02:20 +00:00
parent bcf5436c76
commit 03be2d5d03
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
65 changed files with 4410 additions and 4410 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
2003/0xxx/CVE-2003-0166.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0166", "ID": "CVE-2003-0166",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030326 @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104869828526885&w=2" "lang": "eng",
}, "value": "Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions."
{ }
"name" : "20030327 RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=104878100719467&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20030402 Inaccurate Reports Concerning PHP Vulnerabilities", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104931415307111&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CLSA-2003:691", ]
"refsource" : "CONECTIVA", }
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691" ]
}, },
{ "references": {
"name" : "7197", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/7197" "name": "20030402 Inaccurate Reports Concerning PHP Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=104931415307111&w=2"
"name" : "7198", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/7198" "name": "CLSA-2003:691",
} "refsource": "CONECTIVA",
] "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691"
} },
{
"name": "20030327 RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104878100719467&w=2"
},
{
"name": "7198",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7198"
},
{
"name": "20030326 @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104869828526885&w=2"
},
{
"name": "7197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7197"
}
]
}
} }

138
2003/0xxx/CVE-2003-0339.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0339", "ID": "CVE-2003-0339",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030522 WsMp3d remote exploit.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105361764807746&w=2" "lang": "eng",
}, "value": "Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests."
{ }
"name" : "20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=105353178019353&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.", "description": [
"refsource" : "VULNWATCH", {
"url" : "http://marc.info/?l=bugtraq&m=105353178019353&w=2" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105353178019353&w=2"
},
{
"name": "20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.",
"refsource": "VULNWATCH",
"url": "http://marc.info/?l=bugtraq&m=105353178019353&w=2"
},
{
"name": "20030522 WsMp3d remote exploit.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105361764807746&w=2"
}
]
}
} }

188
2003/0xxx/CVE-2003-0461.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0461", "ID": "CVE-2003-0461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html" "lang": "eng",
}, "value": "/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords."
{ }
"name" : "RHSA-2003:238", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2004:188", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-358", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2004/dsa-358" ]
}, },
{ "references": {
"name" : "DSA-423", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-423" "name": "RHSA-2003:238",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html"
"name" : "oval:org.mitre.oval:def:304", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304" "name": "DSA-423",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-423"
"name" : "oval:org.mitre.oval:def:997", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997" "name": "oval:org.mitre.oval:def:304",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304"
"name" : "oval:org.mitre.oval:def:9330", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330" "name": "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html",
} "refsource": "MISC",
] "url": "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html"
} },
{
"name": "oval:org.mitre.oval:def:997",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997"
},
{
"name": "RHSA-2004:188",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-188.html"
},
{
"name": "DSA-358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-358"
},
{
"name": "oval:org.mitre.oval:def:9330",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330"
}
]
}
} }

118
2003/1xxx/CVE-2003-1003.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1003", "ID": "CVE-2003-1003",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20031215 Cisco PIX Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml" "lang": "eng",
} "value": "Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031215 Cisco PIX Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml"
}
]
}
} }

188
2003/1xxx/CVE-2003-1201.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1201", "ID": "CVE-2003-1201",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openldap.org/its/index.cgi?findid=2390", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.openldap.org/its/index.cgi?findid=2390" "lang": "eng",
}, "value": "ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault)."
{ }
"name" : "CLSA-2003:685", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200403-12", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200403-12.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "7656", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/7656" ]
}, },
{ "references": {
"name" : "17000", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/17000" "name": "CLSA-2003:685",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685"
"name" : "9203", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/9203" "name": "17000",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/17000"
"name" : "11261", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11261" "name": "11261",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11261"
"name" : "openldap-back-ldbm-dos(12520)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12520" "name": "GLSA-200403-12",
} "refsource": "GENTOO",
] "url": "http://security.gentoo.org/glsa/glsa-200403-12.xml"
} },
{
"name": "7656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7656"
},
{
"name": "http://www.openldap.org/its/index.cgi?findid=2390",
"refsource": "CONFIRM",
"url": "http://www.openldap.org/its/index.cgi?findid=2390"
},
{
"name": "9203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9203"
},
{
"name": "openldap-back-ldbm-dos(12520)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12520"
}
]
}
} }

138
2003/1xxx/CVE-2003-1303.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2003-1303", "ID": "CVE-2003-1303",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040" "lang": "eng",
}, "value": "Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header."
{ }
"name" : "http://bugs.php.net/bug.php?id=24150", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.php.net/bug.php?id=24150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:10346", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.php.net/bug.php?id=24150",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/bug.php?id=24150"
},
{
"name": "oval:org.mitre.oval:def:10346",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040"
}
]
}
} }

158
2003/1xxx/CVE-2003-1479.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1479", "ID": "CVE-2003-1479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030502 Code Injection Vulnerabilities in WebcamXP Chat Feature", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/320345" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field."
{ }
"name" : "http://www.frame4.com/content/advisories/FSA-2003-002.txt", ]
"refsource" : "MISC", },
"url" : "http://www.frame4.com/content/advisories/FSA-2003-002.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "7490", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/7490" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3304", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/3304" ]
}, },
{ "references": {
"name" : "webcamxp-multiple-xss(11952)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11952" "name": "20030502 Code Injection Vulnerabilities in WebcamXP Chat Feature",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/320345"
} },
{
"name": "7490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7490"
},
{
"name": "3304",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3304"
},
{
"name": "http://www.frame4.com/content/advisories/FSA-2003-002.txt",
"refsource": "MISC",
"url": "http://www.frame4.com/content/advisories/FSA-2003-002.txt"
},
{
"name": "webcamxp-multiple-xss(11952)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11952"
}
]
}
} }

138
2004/0xxx/CVE-2004-0149.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0149", "ID": "CVE-2004-0149",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in xboing before 2.4 allow local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-451", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-451" "lang": "eng",
}, "value": "Multiple buffer overflows in xboing before 2.4 allow local users to gain privileges."
{ }
"name" : "9764", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9764" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "xboing-bo(15347)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15347" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "xboing-bo(15347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15347"
},
{
"name": "9764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9764"
},
{
"name": "DSA-451",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-451"
}
]
}
} }

298
2004/0xxx/CVE-2004-0685.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0685", "ID": "CVE-2004-0685",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-1070", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1070" "lang": "eng",
}, "value": "Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage."
{ }
"name" : "DSA-1067", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-1067" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1069", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1069" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1082", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2006/dsa-1082" ]
}, },
{ "references": {
"name" : "FLSA:2336", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336" "name": "20163",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20163"
"name" : "GLSA-200408-24", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml" "name": "VU#981134",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/981134"
"name" : "RHSA-2004:504", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-504.html" "name": "linux-usb-gain-privileges(16931)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16931"
"name" : "RHSA-2004:505", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-505.html" "name": "http://www.securityspace.com/smysecure/catid.html?id=14580",
}, "refsource": "MISC",
{ "url": "http://www.securityspace.com/smysecure/catid.html?id=14580"
"name" : "2004-0041", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.net/errata/2004/0041/" "name": "DSA-1082",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1082"
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921", },
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921" "name": "10892",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10892"
"name" : "VU#981134", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/981134" "name": "FLSA:2336",
}, "refsource": "FEDORA",
{ "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
"name" : "10892", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10892" "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=127921"
"name" : "oval:org.mitre.oval:def:10665", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10665" "name": "GLSA-200408-24",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-24.xml"
"name" : "20162", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20162" "name": "DSA-1070",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1070"
"name" : "20163", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20163" "name": "20162",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20162"
"name" : "20202", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20202" "name": "2004-0041",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.net/errata/2004/0041/"
"name" : "20338", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20338" "name": "DSA-1067",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1067"
"name" : "linux-usb-gain-privileges(16931)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16931" "name": "DSA-1069",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1069"
"name" : "http://www.securityspace.com/smysecure/catid.html?id=14580", },
"refsource" : "MISC", {
"url" : "http://www.securityspace.com/smysecure/catid.html?id=14580" "name": "RHSA-2004:505",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2004-505.html"
} },
{
"name": "oval:org.mitre.oval:def:10665",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10665"
},
{
"name": "20202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20202"
},
{
"name": "RHSA-2004:504",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
},
{
"name": "20338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20338"
}
]
}
} }

138
2004/0xxx/CVE-2004-0720.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0720", "ID": "CVE-2004-0720",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "11978", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11978" "lang": "eng",
}, "value": "Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability."
{ }
"name" : "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http-frame-spoof(1598)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http-frame-spoof(1598)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598"
},
{
"name": "11978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11978"
},
{
"name": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/",
"refsource": "MISC",
"url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/"
}
]
}
} }

188
2004/0xxx/CVE-2004-0748.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0748", "ID": "CVE-2004-0748",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750" "lang": "eng",
}, "value": "mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop."
{ }
"name" : "GLSA-200409-21", ]
"refsource" : "GENTOO", },
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2004:096", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2004:349", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2004-349.html" ]
}, },
{ "references": {
"name" : "SUSE-SA:2004:030", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2004_30_apache2.html" "name": "SUSE-SA:2004:030",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2004_30_apache2.html"
"name" : "2004-0047", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2004/0047/" "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130750"
"name" : "oval:org.mitre.oval:def:11126", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11126" "name": "2004-0047",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2004/0047/"
"name" : "apache-modssl-dos(17200)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17200" "name": "MDKSA-2004:096",
} "refsource": "MANDRAKE",
] "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096"
} },
{
"name": "GLSA-200409-21",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml"
},
{
"name": "oval:org.mitre.oval:def:11126",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11126"
},
{
"name": "RHSA-2004:349",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-349.html"
},
{
"name": "apache-modssl-dos(17200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17200"
}
]
}
} }

148
2004/1xxx/CVE-2004-1905.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1905", "ID": "CVE-2004-1905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040406 Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108130573130482&w=2" "lang": "eng",
}, "value": "ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function."
{ }
"name" : "http://theinsider.deep-ice.com/texts/advisory53.txt", ]
"refsource" : "MISC", },
"url" : "http://theinsider.deep-ice.com/texts/advisory53.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10067", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10067" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "panda-activescan-ascontrol-dos(15831)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15831" ]
} },
] "references": {
} "reference_data": [
{
"name": "panda-activescan-ascontrol-dos(15831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15831"
},
{
"name": "20040406 Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108130573130482&w=2"
},
{
"name": "http://theinsider.deep-ice.com/texts/advisory53.txt",
"refsource": "MISC",
"url": "http://theinsider.deep-ice.com/texts/advisory53.txt"
},
{
"name": "10067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10067"
}
]
}
} }

158
2004/2xxx/CVE-2004-2019.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2019", "ID": "CVE-2004-2019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040517 [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108482957715299&w=2" "lang": "eng",
}, "value": "The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message."
{ }
"name" : "http://www.waraxe.us/index.php?modname=sa&id=29", ]
"refsource" : "MISC", },
"url" : "http://www.waraxe.us/index.php?modname=sa&id=29" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10367", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10367" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11625", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/11625" ]
}, },
{ "references": {
"name" : "phpnuke-show-weblink-path-disclosure(16170)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16170" "name": "http://www.waraxe.us/index.php?modname=sa&id=29",
} "refsource": "MISC",
] "url": "http://www.waraxe.us/index.php?modname=sa&id=29"
} },
{
"name": "10367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10367"
},
{
"name": "20040517 [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108482957715299&w=2"
},
{
"name": "11625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11625"
},
{
"name": "phpnuke-show-weblink-path-disclosure(16170)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16170"
}
]
}
} }

168
2004/2xxx/CVE-2004-2355.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2355", "ID": "CVE-2004-2355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040603 Cross-site scripting vulnerability in Crafy Syntax Live Help 2.7.3 and below", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0054.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session."
{ }
"name" : "http://www.craftysyntax.com/CHANGELOG.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.craftysyntax.com/CHANGELOG.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10463", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10463" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "6744", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/6744" ]
}, },
{ "references": {
"name" : "11789", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11789" "name": "10463",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10463"
"name" : "cslh-chat-name-xss(16321)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16321" "name": "http://www.craftysyntax.com/CHANGELOG.txt",
} "refsource": "CONFIRM",
] "url": "http://www.craftysyntax.com/CHANGELOG.txt"
} },
{
"name": "6744",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6744"
},
{
"name": "11789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11789"
},
{
"name": "20040603 Cross-site scripting vulnerability in Crafy Syntax Live Help 2.7.3 and below",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0054.html"
},
{
"name": "cslh-chat-name-xss(16321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16321"
}
]
}
} }

168
2004/2xxx/CVE-2004-2378.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2378", "ID": "CVE-2004-2378",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "@Mail 3.64 for Windows allows remote attackers to cause a denial of service (\"unusable\" server) via a large number of POP3 connections to the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt" "lang": "eng",
}, "value": "@Mail 3.64 for Windows allows remote attackers to cause a denial of service (\"unusable\" server) via a large number of POP3 connections to the server."
{ }
"name" : "9749", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9749" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4068", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4068" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1009208", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/alerts/2004/Feb/1009208.html" ]
}, },
{ "references": {
"name" : "10978", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10978" "name": "http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt",
}, "refsource": "MISC",
{ "url": "http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt"
"name" : "atmail-connection-dos(15320)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15320" "name": "atmail-connection-dos(15320)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15320"
} },
{
"name": "10978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10978"
},
{
"name": "9749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9749"
},
{
"name": "1009208",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2004/Feb/1009208.html"
},
{
"name": "4068",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4068"
}
]
}
} }

198
2004/2xxx/CVE-2004-2526.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2526", "ID": "CVE-2004-2526",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040802 IBM Directory Server - ldacgi.exe", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1311.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter."
{ }
"name" : "http://www.oliverkarow.de/research/IDS_directory_traversal.txt", ]
"refsource" : "MISC", },
"url" : "http://www.oliverkarow.de/research/IDS_directory_traversal.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IR52692", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IR52692" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IR53631", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IR53631" ]
}, },
{ "references": {
"name" : "10841", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10841" "name": "IR52692",
}, "refsource": "AIXAPAR",
{ "url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IR52692"
"name" : "8367", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/8367" "name": "1010834",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1010834"
"name" : "1010834", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1010834" "name": "10841",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10841"
"name" : "10347", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10347" "name": "8367",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/8367"
"name" : "tivoli-directory-directory-traversal(16850)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16850" "name": "20040802 IBM Directory Server - ldacgi.exe",
} "refsource": "FULLDISC",
] "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1311.html"
} },
{
"name": "http://www.oliverkarow.de/research/IDS_directory_traversal.txt",
"refsource": "MISC",
"url": "http://www.oliverkarow.de/research/IDS_directory_traversal.txt"
},
{
"name": "tivoli-directory-directory-traversal(16850)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16850"
},
{
"name": "10347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10347"
},
{
"name": "IR53631",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IR53631"
}
]
}
} }

148
2008/2xxx/CVE-2008-2088.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2088", "ID": "CVE-2008-2088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5504", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5504" "lang": "eng",
}, "value": "SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php."
{ }
"name" : "28950", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28950" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1386", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1386/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpforge-admin-sql-injection(42017)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42017" ]
} },
] "references": {
} "reference_data": [
{
"name": "5504",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5504"
},
{
"name": "phpforge-admin-sql-injection(42017)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42017"
},
{
"name": "28950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28950"
},
{
"name": "ADV-2008-1386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1386/references"
}
]
}
} }

408
2008/2xxx/CVE-2008-2292.json
View File

@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2292", "ID": "CVE-2008-2292",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694" "lang": "eng",
}, "value": "Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP)."
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1663", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2008/dsa-1663" ]
}, },
{ "references": {
"name" : "FEDORA-2008-5215", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html" "name": "1020527",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020527"
"name" : "FEDORA-2008-5218", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html" "name": "30615",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30615"
"name" : "FEDORA-2008-5224", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html" "name": "32664",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32664"
"name" : "GLSA-200808-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200808-02.xml" "name": "SUSE-SA:2008:039",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html"
"name" : "MDVSA-2008:118", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118" "name": "30187",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30187"
"name" : "RHSA-2008:0529", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0529.html" "name": "31351",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31351"
"name" : "239785", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-282.htm"
"name" : "SUSE-SA:2008:039", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00000.html" "name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1826174&group_id=12694&atid=112694"
"name" : "USN-685-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-685-1" "name": "FEDORA-2008-5215",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00363.html"
"name" : "29212", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29212" "name": "31334",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31334"
"name" : "oval:org.mitre.oval:def:11261", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261" "name": "ADV-2008-2141",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2141/references"
"name" : "1020527", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020527" "name": "30647",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30647"
"name" : "33003", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33003" "name": "29212",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/29212"
"name" : "ADV-2008-1528", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1528/references" "name": "33003",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33003"
"name" : "ADV-2008-2141", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2141/references" "name": "ADV-2008-2361",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2361"
"name" : "ADV-2008-2361", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2361" "name": "31568",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31568"
"name" : "30187", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30187" "name": "31467",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31467"
"name" : "30647", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30647" "name": "239785",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239785-1"
"name" : "31155", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31155" "name": "DSA-1663",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1663"
"name" : "31334", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31334" "name": "RHSA-2008:0529",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0529.html"
"name" : "31351", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31351" "name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html"
"name" : "31467", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31467" "name": "31155",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31155"
"name" : "31568", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31568" "name": "GLSA-200808-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200808-02.xml"
"name" : "30615", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30615" "name": "netsnmp-snprintvalue-bo(42430)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42430"
"name" : "32664", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32664" "name": "FEDORA-2008-5218",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00459.html"
"name" : "netsnmp-snprintvalue-bo(42430)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42430" "name": "FEDORA-2008-5224",
} "refsource": "FEDORA",
] "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00380.html"
} },
{
"name": "MDVSA-2008:118",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:118"
},
{
"name": "USN-685-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-685-1"
},
{
"name": "ADV-2008-1528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1528/references"
},
{
"name": "oval:org.mitre.oval:def:11261",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11261"
}
]
}
} }

138
2008/2xxx/CVE-2008-2537.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2537", "ID": "CVE-2008-2537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5577", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5577" "lang": "eng",
}, "value": "SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter."
{ }
"name" : "29128", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29128" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "modelsearch-cat-sql-injection(42312)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42312" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "29128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29128"
},
{
"name": "modelsearch-cat-sql-injection(42312)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42312"
},
{
"name": "5577",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5577"
}
]
}
} }

148
2008/2xxx/CVE-2008-2643.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2643", "ID": "CVE-2008-2643",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5710", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5710" "lang": "eng",
}, "value": "SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php."
{ }
"name" : "http://joomlacode.org/gf/project/biblestudy/news/?action=NewsThreadView&id=1454", ]
"refsource" : "CONFIRM", },
"url" : "http://joomlacode.org/gf/project/biblestudy/news/?action=NewsThreadView&id=1454" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30492", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30492" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "biblestudy-index-sql-injection(42788)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42788" ]
} },
] "references": {
} "reference_data": [
{
"name": "30492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30492"
},
{
"name": "5710",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5710"
},
{
"name": "biblestudy-index-sql-injection(42788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42788"
},
{
"name": "http://joomlacode.org/gf/project/biblestudy/news/?action=NewsThreadView&id=1454",
"refsource": "CONFIRM",
"url": "http://joomlacode.org/gf/project/biblestudy/news/?action=NewsThreadView&id=1454"
}
]
}
} }

168
2008/6xxx/CVE-2008-6130.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6130", "ID": "CVE-2008-6130",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080930 [MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=122278832621348&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters."
{ }
"name" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls56", ]
"refsource" : "MISC", },
"url" : "http://www.majorsecurity.de/index_2.php?major_rls=major_rls56" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wiki.mozilo.de/index.php?page=Changelog", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.mozilo.de/index.php?page=Changelog" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31493", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/31493" ]
}, },
{ "references": {
"name" : "32024", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32024" "name": "20080930 [MajorSecurity Advisory #56]moziloWiki - Directory Traversal, XSS and SessionFixation Issues",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=122278832621348&w=2"
"name" : "mozilowiki-index-xss(45527)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45527" "name": "http://wiki.mozilo.de/index.php?page=Changelog",
} "refsource": "CONFIRM",
] "url": "http://wiki.mozilo.de/index.php?page=Changelog"
} },
{
"name": "32024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32024"
},
{
"name": "mozilowiki-index-xss(45527)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45527"
},
{
"name": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls56",
"refsource": "MISC",
"url": "http://www.majorsecurity.de/index_2.php?major_rls=major_rls56"
},
{
"name": "31493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31493"
}
]
}
} }

148
2008/6xxx/CVE-2008-6224.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6224", "ID": "CVE-2008-6224",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6992", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6992" "lang": "eng",
}, "value": "Directory traversal vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the plancia parameter."
{ }
"name" : "32115", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32115" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32515", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32515" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "wotw-visualizza-file-include(46340)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46340" ]
} },
] "references": {
} "reference_data": [
{
"name": "32515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32515"
},
{
"name": "6992",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6992"
},
{
"name": "32115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32115"
},
{
"name": "wotw-visualizza-file-include(46340)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46340"
}
]
}
} }

138
2008/6xxx/CVE-2008-6481.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6481", "ID": "CVE-2008-6481",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5989", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5989" "lang": "eng",
}, "value": "SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php."
{ }
"name" : "30050", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30050" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "versioning-index-sql-injection(43526)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43526" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "30050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30050"
},
{
"name": "versioning-index-sql-injection(43526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43526"
},
{
"name": "5989",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5989"
}
]
}
} }

32
2012/1xxx/CVE-2012-1322.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1322", "ID": "CVE-2012-1322",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2012/1xxx/CVE-2012-1536.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1536", "ID": "CVE-2012-1536",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2012/1xxx/CVE-2012-1550.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1550", "ID": "CVE-2012-1550",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2012/1xxx/CVE-2012-1714.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-1714", "ID": "CVE-2012-1714",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1714_tlist_6", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1714_tlist_6" "lang": "eng",
} "value": "Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyperion Financial Management 11.1.1.4 and 11.1.2.1.104 allows remote attackers to execute arbitrary code via unknown vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1714_tlist_6",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1714_tlist_6"
}
]
}
} }

158
2012/5xxx/CVE-2012-5004.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5004", "ID": "CVE-2012-5004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/view/108972/VL-392.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/view/108972/VL-392.txt" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Parallels H-Sphere 3.3 Patch 1 allow remote attackers to hijack the authentication of admins for requests that (1) add group plans via admin/group_plans.html or (2) add extra packages via admin/extra_packs/create_extra_pack.html."
{ }
"name" : "http://www.vulnerability-lab.com/get_content.php?id=392", ]
"refsource" : "MISC", },
"url" : "http://www.vulnerability-lab.com/get_content.php?id=392" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "78505", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/78505" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "47556", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/47556" ]
}, },
{ "references": {
"name" : "parallelshsphere-multiple-xss(72628)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628" "name": "78505",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/78505"
} },
{
"name": "http://packetstormsecurity.org/files/view/108972/VL-392.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/108972/VL-392.txt"
},
{
"name": "47556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47556"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=392",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=392"
},
{
"name": "parallelshsphere-multiple-xss(72628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72628"
}
]
}
} }

138
2012/5xxx/CVE-2012-5051.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5051", "ID": "CVE-2012-5051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20121010 VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows remote attackers to read arbitrary files via unspecified vectors."
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2012-0014.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.vmware.com/security/advisories/VMSA-2012-0014.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "55808", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55808" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2012-0014.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0014.html"
},
{
"name": "20121010 VMSA-2012-0014 VMware vCenter Operations, CapacityIQ, and Movie Decoder security updates",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0069.html"
},
{
"name": "55808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55808"
}
]
}
} }

128
2012/5xxx/CVE-2012-5199.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2012-5199", "ID": "CVE-2012-5199",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMU02836", "description_data": [
"refsource" : "HP", {
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700" "lang": "eng",
}, "value": "Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors."
{ }
"name" : "SSRT101060", ]
"refsource" : "HP", },
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMU02836",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700"
},
{
"name": "SSRT101060",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700"
}
]
}
} }

128
2012/5xxx/CVE-2012-5222.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2012-5222", "ID": "CVE-2012-5222",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMU02872", "description_data": [
"refsource" : "HP", {
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875" "lang": "eng",
}, "value": "HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors."
{ }
"name" : "SSRT101185", ]
"refsource" : "HP", },
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101185",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875"
},
{
"name": "HPSBMU02872",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748875"
}
]
}
} }

168
2012/5xxx/CVE-2012-5349.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5349", "ID": "CVE-2012-5349",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18330", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18330" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter."
{ }
"name" : "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/", ]
"refsource" : "CONFIRM", },
"url" : "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "51308", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51308" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "78205", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/78205" ]
}, },
{ "references": {
"name" : "47475", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47475" "name": "paywithtweet-pay-xss(72166)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72166"
"name" : "paywithtweet-pay-xss(72166)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72166" "name": "51308",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/51308"
} },
{
"name": "18330",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18330"
},
{
"name": "78205",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78205"
},
{
"name": "47475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47475"
},
{
"name": "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/pay-with-tweet/changelog/"
}
]
}
} }

168
2012/5xxx/CVE-2012-5702.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5702", "ID": "CVE-2012-5702",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.htbridge.com/advisory/HTB23124", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23124" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886."
{ }
"name" : "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "56624", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56624" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "87627", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/87627" ]
}, },
{ "references": {
"name" : "51332", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51332" "name": "87627",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/87627"
"name" : "dotproject-index-date-xss(80216)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80216" "name": "https://www.htbridge.com/advisory/HTB23124",
} "refsource": "MISC",
] "url": "https://www.htbridge.com/advisory/HTB23124"
} },
{
"name": "56624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56624"
},
{
"name": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/dotproject/files/dotproject/dotProject%20Version%202.1.7/"
},
{
"name": "dotproject-index-date-xss(80216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80216"
},
{
"name": "51332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51332"
}
]
}
} }

128
2017/11xxx/CVE-2017-11194.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11194", "ID": "CVE-2017-11194",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf" "lang": "eng",
}, "value": "Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc."
{ }
"name" : "https://twitter.com/sxcurity/status/884556905145937921", ]
"refsource" : "MISC", },
"url" : "https://twitter.com/sxcurity/status/884556905145937921" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/sxcurity/status/884556905145937921",
"refsource": "MISC",
"url": "https://twitter.com/sxcurity/status/884556905145937921"
},
{
"name": "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf",
"refsource": "MISC",
"url": "http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf"
}
]
}
} }

138
2017/11xxx/CVE-2017-11298.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-11298", "ID": "CVE-2017-11298",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Digital Editions 4.5.6 and earlier versions", "product_name": "Adobe Digital Editions 4.5.6 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Digital Editions 4.5.6 and earlier versions" "version_value": "Adobe Digital Editions 4.5.6 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds Read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html" "lang": "eng",
}, "value": "An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses."
{ }
"name" : "101839", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101839" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039798", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039798" "lang": "eng",
} "value": "Out-of-bounds Read"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "101839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101839"
},
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-39.html"
},
{
"name": "1039798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039798"
}
]
}
} }

128
2017/11xxx/CVE-2017-11569.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11569", "ID": "CVE-2017-11569",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/fontforge/fontforge/issues/3093", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/fontforge/fontforge/issues/3093" "lang": "eng",
}, "value": "FontForge 20161012 is vulnerable to a heap-based buffer over-read in readttfcopyrights (parsettf.c) resulting in DoS or code execution via a crafted otf file."
{ }
"name" : "DSA-3958", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3958" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3958",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3958"
},
{
"name": "https://github.com/fontforge/fontforge/issues/3093",
"refsource": "MISC",
"url": "https://github.com/fontforge/fontforge/issues/3093"
}
]
}
} }

32
2017/11xxx/CVE-2017-11738.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11738", "ID": "CVE-2017-11738",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/11xxx/CVE-2017-11856.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-11-14T00:00:00", "DATE_PUBLIC": "2017-11-14T00:00:00",
"ID" : "CVE-2017-11856", "ID": "CVE-2017-11856",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Internet Explorer", "product_name": "Internet Explorer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11855."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856" "lang": "eng",
}, "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11855."
{ }
"name" : "101753", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101753" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11856"
},
{
"name": "101753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101753"
}
]
}
} }

174
2017/3xxx/CVE-2017-3235.json
View File

@ -1,90 +1,90 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3235", "ID": "CVE-2017-3235",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FLEXCUBE Universal Banking", "product_name": "FLEXCUBE Universal Banking",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "11.3.0" "version_value": "11.3.0"
}, },
{ {
"version_value" : "11.4.0" "version_value": "11.4.0"
}, },
{ {
"version_value" : "12.0.1" "version_value": "12.0.1"
}, },
{ {
"version_value" : "12.0.2" "version_value": "12.0.2"
}, },
{ {
"version_value" : "12.0.3" "version_value": "12.0.3"
}, },
{ {
"version_value" : "12.1.0" "version_value": "12.1.0"
}, },
{ {
"version_value" : "12.2.0" "version_value": "12.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 3.5 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 3.5 (Confidentiality and Integrity impacts)."
{ }
"name" : "95555", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95555" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037636", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037636" "lang": "eng",
} "value": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "95555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95555"
},
{
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
} }

164
2017/3xxx/CVE-2017-3380.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3380", "ID": "CVE-2017-3380",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Advanced Outbound Telephony", "product_name": "Advanced Outbound Telephony",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_value" : "12.2.6" "version_value": "12.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
{ }
"name" : "95531", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95531" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95531"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
} }

180
2017/3xxx/CVE-2017-3534.json
View File

@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3534", "ID": "CVE-2017-3534",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FLEXCUBE Universal Banking", "product_name": "FLEXCUBE Universal Banking",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.1" "version_value": "12.0.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.2" "version_value": "12.0.2"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.3" "version_value": "12.0.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.0" "version_value": "12.1.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.0" "version_value": "12.2.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.3.0" "version_value": "12.3.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
{ }
"name" : "97762", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97762" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038304", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038304" "lang": "eng",
} "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data."
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038304"
},
{
"name": "97762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97762"
}
]
}
} }

138
2017/7xxx/CVE-2017-7084.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7084", "ID": "CVE-2017-7084",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Application Firewall\" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting after an upgrade."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208144", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208144" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Application Firewall\" component. It allows remote attackers to bypass intended settings in opportunistic circumstances by leveraging incorrect handling of a denied setting after an upgrade."
{ }
"name" : "100993", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100993" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039427", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039427" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "100993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100993"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
}
]
}
} }

148
2017/7xxx/CVE-2017-7271.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7271", "ID": "CVE-2017-7271",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756" "lang": "eng",
}, "value": "Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen."
{ }
"name" : "https://github.com/yiisoft/yii2/pull/13401", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/yiisoft/yii2/pull/13401" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.yiiframework.com/news/123/yii-2-0-11-is-released/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.yiiframework.com/news/123/yii-2-0-11-is-released/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "97167", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/97167" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.yiiframework.com/news/123/yii-2-0-11-is-released/",
"refsource": "CONFIRM",
"url": "http://www.yiiframework.com/news/123/yii-2-0-11-is-released/"
},
{
"name": "https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756",
"refsource": "CONFIRM",
"url": "https://github.com/yiisoft/yii2/commit/97171a0db7cda0a49931ee0c3b998ef50bd06756"
},
{
"name": "97167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97167"
},
{
"name": "https://github.com/yiisoft/yii2/pull/13401",
"refsource": "CONFIRM",
"url": "https://github.com/yiisoft/yii2/pull/13401"
}
]
}
} }

118
2017/7xxx/CVE-2017-7935.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-7935", "ID": "CVE-2017-7935",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Phoenix Contact GmbH mGuard", "product_name": "Phoenix Contact GmbH mGuard",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Phoenix Contact GmbH mGuard" "version_value": "Phoenix Contact GmbH mGuard"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01" "lang": "eng",
} "value": "A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01"
}
]
}
} }

118
2017/8xxx/CVE-2017-8444.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@elastic.co", "ASSIGNER": "security@elastic.co",
"ID" : "CVE-2017-8444", "ID": "CVE-2017-8444",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Elastic Cloud Enterprise", "product_name": "Elastic Cloud Enterprise",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.0.0 and 1.0.1" "version_value": "1.0.0 and 1.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Elastic" "vendor_name": "Elastic"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-319: Cleartext Transmission of Sensitive Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247", "description_data": [
"refsource" : "MISC", {
"url" : "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247" "lang": "eng",
} "value": "The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain sensitive data."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319: Cleartext Transmission of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247",
"refsource": "MISC",
"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-0-2-security-update/100247"
}
]
}
} }

138
2017/8xxx/CVE-2017-8532.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-8532", "ID": "CVE-2017-8532",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Graphics", "product_name": "Graphics",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka \"Graphics Uniscribe Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8532", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8532" "lang": "eng",
}, "value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka \"Graphics Uniscribe Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533."
{ }
"name" : "98820", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98820" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038662", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038662" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8532",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8532"
},
{
"name": "98820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98820"
},
{
"name": "1038662",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038662"
}
]
}
} }

148
2017/8xxx/CVE-2017-8536.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-8536", "ID": "CVE-2017-8536",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Malware Protection Engine", "product_name": "Malware Protection Engine",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016." "version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Server"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42081", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42081/" "lang": "eng",
}, "value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98708", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98708" "lang": "eng",
}, "value": "Denial of Server"
{ }
"name" : "1038571", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038571" ]
} },
] "references": {
} "reference_data": [
{
"name": "42081",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536"
},
{
"name": "98708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98708"
},
{
"name": "1038571",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038571"
}
]
}
} }

118
2017/8xxx/CVE-2017-8780.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8780", "ID": "CVE-2017-8780",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/semplon/GeniXCMS/issues/74", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/semplon/GeniXCMS/issues/74" "lang": "eng",
} "value": "GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/semplon/GeniXCMS/issues/74",
"refsource": "MISC",
"url": "https://github.com/semplon/GeniXCMS/issues/74"
}
]
}
} }

32
2018/10xxx/CVE-2018-10037.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10037", "ID": "CVE-2018-10037",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/10xxx/CVE-2018-10112.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10112", "ID": "CVE-2018-10112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=795249", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=795249" "lang": "eng",
}, "value": "An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46."
{ }
"name" : "https://github.com/xiaoqx/pocs/tree/master/gegl", ]
"refsource" : "MISC", },
"url" : "https://github.com/xiaoqx/pocs/tree/master/gegl" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=795249",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=795249"
},
{
"name": "https://github.com/xiaoqx/pocs/tree/master/gegl",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/gegl"
}
]
}
} }

32
2018/10xxx/CVE-2018-10370.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10370", "ID": "CVE-2018-10370",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/10xxx/CVE-2018-10750.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10750", "ID": "CVE-2018-10750",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.md" "lang": "eng",
} "value": "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.md",
"refsource": "MISC",
"url": "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/staticGet.md"
}
]
}
} }

118
2018/10xxx/CVE-2018-10968.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10968", "ID": "CVE-2018-10968",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://fortiguard.com/zeroday/FG-VD-18-061", "description_data": [
"refsource" : "MISC", {
"url" : "https://fortiguard.com/zeroday/FG-VD-18-061" "lang": "eng",
} "value": "On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/zeroday/FG-VD-18-061",
"refsource": "MISC",
"url": "https://fortiguard.com/zeroday/FG-VD-18-061"
}
]
}
} }

32
2018/12xxx/CVE-2018-12130.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12130", "ID": "CVE-2018-12130",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/12xxx/CVE-2018-12295.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12295", "ID": "CVE-2018-12295",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

238
2018/12xxx/CVE-2018-12412.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@tibco.com", "ASSIGNER": "security@tibco.com",
"DATE_PUBLIC" : "2018-11-06T17:00:00.000Z", "DATE_PUBLIC": "2018-11-06T17:00:00.000Z",
"ID" : "CVE-2018-12412", "ID": "CVE-2018-12412",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "TIBCO FTL Realm Server Vulnerable to CSRF Attacks" "TITLE": "TIBCO FTL Realm Server Vulnerable to CSRF Attacks"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "TIBCO FTL - Community Edition", "product_name": "TIBCO FTL - Community Edition",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "5.4.0" "version_value": "5.4.0"
} }
] ]
} }
}, },
{ {
"product_name" : "TIBCO FTL - Developer Edition", "product_name": "TIBCO FTL - Developer Edition",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "5.4.0" "version_value": "5.4.0"
} }
] ]
} }
}, },
{ {
"product_name" : "TIBCO FTL - Enterprise Edition", "product_name": "TIBCO FTL - Enterprise Edition",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "5.4.0" "version_value": "5.4.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "TIBCO Software Inc." "vendor_name": "TIBCO Software Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to realm configuration. With such access, the attacker might also be able to gain access to all data sent to endpoints controlled by the realm server."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tibco.com/services/support/advisories", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.tibco.com/services/support/advisories" "lang": "eng",
}, "value": "The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0."
{ }
"name" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl", ]
"refsource" : "CONFIRM", },
"url" : "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl" "impact": {
}, "cvss": {
{ "attackComplexity": "HIGH",
"name" : "105861", "attackVector": "NETWORK",
"refsource" : "BID", "availabilityImpact": "HIGH",
"url" : "http://www.securityfocus.com/bid/105861" "baseScore": 7.5,
} "baseSeverity": "HIGH",
] "confidentialityImpact": "HIGH",
}, "integrityImpact": "HIGH",
"solution" : [ "privilegesRequired": "NONE",
{ "scope": "UNCHANGED",
"lang" : "eng", "userInteraction": "REQUIRED",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO FTL - Community Edition versions 5.4.0 and below update to version 5.4.1 or higher\nTIBCO FTL - Developer Edition versions 5.4.0 and below update to version 5.4.1 or higher\nTIBCO FTL - Enterprise Edition versions 5.4.0 and below update to version 5.4.1 or higher.\n" "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
} "version": "3.0"
], }
"source" : { },
"discovery" : "INTERNAL" "problemtype": {
} "problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to realm configuration. With such access, the attacker might also be able to gain access to all data sent to endpoints controlled by the realm server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl"
},
{
"name": "105861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105861"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO FTL - Community Edition versions 5.4.0 and below update to version 5.4.1 or higher\nTIBCO FTL - Developer Edition versions 5.4.0 and below update to version 5.4.1 or higher\nTIBCO FTL - Enterprise Edition versions 5.4.0 and below update to version 5.4.1 or higher.\n"
}
],
"source": {
"discovery": "INTERNAL"
}
} }

128
2018/12xxx/CVE-2018-12705.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12705", "ID": "CVE-2018-12705",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44935", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44935/" "lang": "eng",
}, "value": "DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side)."
{ }
"name" : "https://hackings8n.blogspot.com/2018/06/cve-2018-12705-digisol-wireless-router.html", ]
"refsource" : "MISC", },
"url" : "https://hackings8n.blogspot.com/2018/06/cve-2018-12705-digisol-wireless-router.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44935",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44935/"
},
{
"name": "https://hackings8n.blogspot.com/2018/06/cve-2018-12705-digisol-wireless-router.html",
"refsource": "MISC",
"url": "https://hackings8n.blogspot.com/2018/06/cve-2018-12705-digisol-wireless-router.html"
}
]
}
} }

128
2018/12xxx/CVE-2018-12819.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12819", "ID": "CVE-2018-12819",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Digital Editions", "product_name": "Adobe Digital Editions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.5.8 and below versions" "version_value": "4.5.8 and below versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html" "lang": "eng",
}, "value": "Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "105532", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105532" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html"
},
{
"name": "105532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105532"
}
]
}
} }

32
2018/13xxx/CVE-2018-13107.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13107", "ID": "CVE-2018-13107",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/13xxx/CVE-2018-13284.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13284", "ID": "CVE-2018-13284",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/13xxx/CVE-2018-13502.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13502", "ID": "CVE-2018-13502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for HeliumNetwork, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HeliumNetwork", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HeliumNetwork" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HeliumNetwork",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HeliumNetwork"
}
]
}
} }

128
2018/13xxx/CVE-2018-13620.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13620", "ID": "CVE-2018-13620",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for TripCash, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TripCash", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TripCash" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TripCash",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TripCash"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
} }

128
2018/13xxx/CVE-2018-13711.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13711", "ID": "CVE-2018-13711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for Databits, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Databits", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Databits" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Databits",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Databits"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
} }

32
2018/13xxx/CVE-2018-13835.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13835", "ID": "CVE-2018-13835",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/17xxx/CVE-2018-17613.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17613", "ID": "CVE-2018-17613",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Telegram Desktop (aka tdesktop) 1.3.16 alpha, when \"Use proxy\" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://seclists.org/oss-sec/2018/q3/280", "description_data": [
"refsource" : "MISC", {
"url" : "https://seclists.org/oss-sec/2018/q3/280" "lang": "eng",
}, "value": "Telegram Desktop (aka tdesktop) 1.3.16 alpha, when \"Use proxy\" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol."
{ }
"name" : "https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html", ]
"refsource" : "MISC", },
"url" : "https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://seclists.org/oss-sec/2018/q3/280",
"refsource": "MISC",
"url": "https://seclists.org/oss-sec/2018/q3/280"
},
{
"name": "https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html",
"refsource": "MISC",
"url": "https://www.inputzero.io/2018/09/telegram-share-password-in-cleartext.html"
}
]
}
} }