admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:58:43 +00:00
parent 634079e104
commit 04360ab419
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4128 additions and 4128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2003/0xxx/CVE-2003-0274.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0274",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0274",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value."
"lang": "eng",
"value": "Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030508 SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105241224228693&w=2"
"name": "20030508 SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105241224228693&w=2"
}
]
}

104
2003/0xxx/CVE-2003-0286.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0286",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0286",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable."
"lang": "eng",
"value": "SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030512 Snitz Forum 3.3.03 Remote Command Execution",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html"
"name": "snitz-register-sql-injection(11981)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11981"
},
{
"name" : "20030513 Snitz Forum 3.3.03 Remote Command Execution",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105277599131134&w=2"
"name": "http://packetstormsecurity.org/0305-exploits/snitz_exec.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0305-exploits/snitz_exec.txt"
},
{
"name" : "http://packetstormsecurity.org/0305-exploits/snitz_exec.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0305-exploits/snitz_exec.txt"
"name": "20030513 Snitz Forum 3.3.03 Remote Command Execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105277599131134&w=2"
},
{
"name" : "7549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7549"
"name": "35733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35733"
},
{
"name" : "35764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35764"
"name": "20030512 Snitz Forum 3.3.03 Remote Command Execution",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html"
},
{
"name" : "56166",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56166"
"name": "56166",
"refsource": "OSVDB",
"url": "http://osvdb.org/56166"
},
{
"name" : "35733",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35733"
"name": "35764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35764"
},
{
"name" : "snitz-register-sql-injection(11981)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11981"
"name": "7549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7549"
}
]
}

254
2003/0xxx/CVE-2003-0989.json
View File

@ -1,221 +1,221 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0989",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0989",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057."
"lang": "eng",
"value": "tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/350238/30/21640/threaded"
"name": "20040202-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
},
{
"name" : "[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1",
"refsource" : "MLIST",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html"
"name": "FEDORA-2004-090",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html"
},
{
"name" : "APPLE-SA-2004-02-23",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html"
"name": "10718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10718"
},
{
"name" : "CSSA-2004-008.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt"
"name": "SCOSA-2004.9",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt"
},
{
"name" : "ESA-20040119-002",
"refsource" : "ENGARDE",
"url" : "http://lwn.net/Alerts/66805/"
"name": "RHSA-2004:008",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-008.html"
},
{
"name" : "FLSA:1222",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html"
"name": "FLSA:1222",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html"
},
{
"name" : "FEDORA-2004-090",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html"
"name": "11032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11032/"
},
{
"name" : "FEDORA-2004-092",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html"
"name": "10668",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10668"
},
{
"name" : "SCOSA-2004.9",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt"
"name": "CSSA-2004-008.0",
"refsource": "CALDERA",
"url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt"
},
{
"name" : "20040202-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
"name": "[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1",
"refsource": "MLIST",
"url": "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html"
},
{
"name" : "RHSA-2004:007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-007.html"
"name": "10637",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10637"
},
{
"name" : "RHSA-2004:008",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-008.html"
"name": "11022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11022"
},
{
"name" : "DSA-425",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-425"
"name": "10636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10636"
},
{
"name" : "MDKSA-2004:008",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:008"
"name": "9507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9507"
},
{
"name" : "20040103-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"
"name": "20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107577418225627&w=2"
},
{
"name" : "20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107577418225627&w=2"
"name": "1008716",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1008716"
},
{
"name" : "2004-0004",
"refsource" : "TRUSTIX",
"url" : "http://lwn.net/Alerts/66445/"
"name": "ESA-20040119-002",
"refsource": "ENGARDE",
"url": "http://lwn.net/Alerts/66805/"
},
{
"name" : "VU#738518",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/738518"
"name": "12179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12179/"
},
{
"name" : "9507",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9507"
"name": "10644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10644"
},
{
"name" : "oval:org.mitre.oval:def:847",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A847"
"name": "VU#738518",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/738518"
},
{
"name" : "oval:org.mitre.oval:def:852",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A852"
"name": "MDKSA-2004:008",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:008"
},
{
"name" : "oval:org.mitre.oval:def:10599",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10599"
"name": "20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/350238/30/21640/threaded"
},
{
"name" : "1008716",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1008716"
"name": "RHSA-2004:007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-007.html"
},
{
"name" : "10636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10636"
"name": "20040103-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"
},
{
"name" : "10637",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10637"
"name": "oval:org.mitre.oval:def:847",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A847"
},
{
"name" : "10639",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10639"
"name": "DSA-425",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-425"
},
{
"name" : "10644",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10644"
"name": "10652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10652"
},
{
"name" : "10652",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10652"
"name": "oval:org.mitre.oval:def:852",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A852"
},
{
"name" : "10668",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10668"
"name": "oval:org.mitre.oval:def:10599",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10599"
},
{
"name" : "10718",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10718"
"name": "APPLE-SA-2004-02-23",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html"
},
{
"name" : "11022",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11022"
"name": "10639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10639"
},
{
"name" : "11032",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11032/"
"name": "FEDORA-2004-092",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html"
},
{
"name" : "12179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12179/"
"name": "2004-0004",
"refsource": "TRUSTIX",
"url": "http://lwn.net/Alerts/66445/"
}
]
}

86
2003/1xxx/CVE-2003-1167.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1167",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1167",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program."
"lang": "eng",
"value": "misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20031028 Local root vuln in kpopup",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/342736"
"name": "2742",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2742"
},
{
"name" : "8915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8915"
"name": "kpopup-systemcall-execute-code(13540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13540"
},
{
"name" : "2742",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/2742"
"name": "8915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8915"
},
{
"name" : "10105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10105"
"name": "20031028 Local root vuln in kpopup",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/342736"
},
{
"name" : "kpopup-systemcall-execute-code(13540)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13540"
"name": "10105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10105"
}
]
}

164
2004/0xxx/CVE-2004-0084.json
View File

@ -1,146 +1,146 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0084",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0084",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106."
"lang": "eng",
"value": "Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107662833512775&w=2"
"name": "oval:org.mitre.oval:def:831",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831"
},
{
"name" : "http://www.idefense.com/application/poi/display?id=73",
"refsource" : "MISC",
"url" : "http://www.idefense.com/application/poi/display?id=73"
"name": "SuSE-SA:2004:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
},
{
"name" : "CLA-2004:821",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821"
"name": "VU#667502",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/667502"
},
{
"name" : "DSA-443",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-443"
"name": "RHSA-2004:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-060.html"
},
{
"name" : "FLSA:2314",
"refsource" : "FEDORA",
"url" : "http://marc.info/?l=bugtraq&m=110979666528890&w=2"
"name": "57768",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
},
{
"name" : "RHSA-2004:059",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-059.html"
"name": "CLA-2004:821",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821"
},
{
"name" : "RHSA-2004:060",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-060.html"
"name": "xfree86-copyisolatin1lLowered-bo(15200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200"
},
{
"name" : "RHSA-2004:061",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-061.html"
"name": "oval:org.mitre.oval:def:807",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807"
},
{
"name" : "SSA:2004-043",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053"
"name": "FLSA:2314",
"refsource": "FEDORA",
"url": "http://marc.info/?l=bugtraq&m=110979666528890&w=2"
},
{
"name" : "57768",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57768-1"
"name": "DSA-443",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-443"
},
{
"name" : "SuSE-SA:2004:006",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2004_06_xf86.html"
"name": "20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107662833512775&w=2"
},
{
"name" : "MDKSA-2004:012",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
"name": "oval:org.mitre.oval:def:10405",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405"
},
{
"name" : "VU#667502",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/667502"
"name": "9652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9652"
},
{
"name" : "9652",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9652"
"name": "MDKSA-2004:012",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:012"
},
{
"name" : "oval:org.mitre.oval:def:807",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A807"
"name": "http://www.idefense.com/application/poi/display?id=73",
"refsource": "MISC",
"url": "http://www.idefense.com/application/poi/display?id=73"
},
{
"name" : "oval:org.mitre.oval:def:831",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A831"
"name": "RHSA-2004:059",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-059.html"
},
{
"name" : "oval:org.mitre.oval:def:10405",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10405"
"name": "RHSA-2004:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-061.html"
},
{
"name" : "xfree86-copyisolatin1lLowered-bo(15200)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15200"
"name": "SSA:2004-043",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053"
}
]
}

110
2004/0xxx/CVE-2004-0487.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0487",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0487",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs."
"lang": "eng",
"value": "A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040521 [SNS Advisory No.72] Symantec Norton AntiVirus 2004 ActiveX Control Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108515369718455&w=2"
"name": "20040521 [SNS Advisory No.72] Symantec Norton AntiVirus 2004 ActiveX Control Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108515369718455&w=2"
},
{
"name" : "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/72_e.html",
"refsource" : "MISC",
"url" : "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/72_e.html"
"name": "nav-activex-code-execution(16220)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16220"
},
{
"name" : "http://www.symantec.com/avcenter/security/Content/2004.05.20.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2004.05.20.html"
"name": "O-149",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-149.shtml"
},
{
"name" : "VU#312510",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/312510"
"name": "VU#312510",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/312510"
},
{
"name" : "O-149",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-149.shtml"
"name": "http://www.symantec.com/avcenter/security/Content/2004.05.20.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2004.05.20.html"
},
{
"name" : "10392",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10392"
"name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/72_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/72_e.html"
},
{
"name" : "6303",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6303"
"name": "11676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11676"
},
{
"name" : "11676",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11676"
"name": "10392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10392"
},
{
"name" : "nav-activex-code-execution(16220)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16220"
"name": "6303",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6303"
}
]
}

68
2004/0xxx/CVE-2004-0915.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0915",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0915",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information."
"lang": "eng",
"value": "Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "DSA-605",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-605"
"name": "DSA-605",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-605"
},
{
"name" : "viewcvs-repository-weak-security(18369)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18369"
"name": "viewcvs-repository-weak-security(18369)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18369"
}
]
}

80
2004/2xxx/CVE-2004-2527.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2527",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2527",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+\"U\" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running."
"lang": "eng",
"value": "The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+\"U\" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040801 Remotely Exploitable DoS Flaw in XP and 2003",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1313.html"
"name": "1010836",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010836"
},
{
"name" : "8368",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8368"
"name": "8368",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8368"
},
{
"name" : "1010836",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1010836"
"name": "win-winkey-u-dos(16851)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16851"
},
{
"name" : "win-winkey-u-dos(16851)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16851"
"name": "20040801 Remotely Exploitable DoS Flaw in XP and 2003",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1313.html"
}
]
}

92
2004/2xxx/CVE-2004-2729.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2729",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2729",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections."
"lang": "eng",
"value": "Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.uniras.gov.uk/vuls/2004/841713/index.htm",
"refsource" : "MISC",
"url" : "http://www.uniras.gov.uk/vuls/2004/841713/index.htm"
"name": "hummingbird-inetd32-gain-privileges(17854)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17854"
},
{
"name" : "11539",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11539"
"name": "11132",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11132"
},
{
"name" : "11132",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/11132"
"name": "1011942",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011942"
},
{
"name" : "1011942",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011942"
"name": "11539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11539"
},
{
"name" : "12984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12984"
"name": "12984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12984"
},
{
"name" : "hummingbird-inetd32-gain-privileges(17854)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17854"
"name": "http://www.uniras.gov.uk/vuls/2004/841713/index.htm",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/vuls/2004/841713/index.htm"
}
]
}

74
2008/2xxx/CVE-2008-2346.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2346",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2346",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php."
"lang": "eng",
"value": "AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass authentication and gain administrative access by creating an admin account via a direct request to adduser.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5645",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5645"
"name": "alkalinephp-adduser-security-bypass(42502)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42502"
},
{
"name" : "29267",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29267"
"name": "29267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29267"
},
{
"name" : "alkalinephp-adduser-security-bypass(42502)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42502"
"name": "5645",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5645"
}
]
}

74
2008/2xxx/CVE-2008-2414.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2414",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2414",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in send_email.php in AN Guestbook (ANG) 0.4 allows remote attackers to inject arbitrary web script or HTML via the postid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.z0rlu.ownspace.org/index.php?/archives/86-ANG-AN-Guestbook-version-0.4-xss.html",
"refsource" : "MISC",
"url" : "http://www.z0rlu.ownspace.org/index.php?/archives/86-ANG-AN-Guestbook-version-0.4-xss.html"
"name": "29254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29254"
},
{
"name" : "29254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29254"
"name": "anguestbook-sendemail-xss(42489)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42489"
},
{
"name" : "anguestbook-sendemail-xss(42489)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42489"
"name": "http://www.z0rlu.ownspace.org/index.php?/archives/86-ANG-AN-Guestbook-version-0.4-xss.html",
"refsource": "MISC",
"url": "http://www.z0rlu.ownspace.org/index.php?/archives/86-ANG-AN-Guestbook-version-0.4-xss.html"
}
]
}

86
2008/2xxx/CVE-2008-2570.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2570",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2570",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors."
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=74605&release_id=603922",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=74605&release_id=603922"
"name": "limesurvey-multiple-unspecified(42806)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42806"
},
{
"name" : "http://www.limesurvey.org/content/view/102/1/lang,en/",
"refsource" : "CONFIRM",
"url" : "http://www.limesurvey.org/content/view/102/1/lang,en/"
"name": "29506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29506"
},
{
"name" : "29506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29506"
"name": "30495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30495"
},
{
"name" : "30495",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30495"
"name": "http://sourceforge.net/project/shownotes.php?group_id=74605&release_id=603922",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=74605&release_id=603922"
},
{
"name" : "limesurvey-multiple-unspecified(42806)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42806"
"name": "http://www.limesurvey.org/content/view/102/1/lang,en/",
"refsource": "CONFIRM",
"url": "http://www.limesurvey.org/content/view/102/1/lang,en/"
}
]
}

92
2008/2xxx/CVE-2008-2756.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2756",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2756",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080611 Xigla Multiple Products - Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=121322052622903&w=2"
"name": "http://bugreport.ir/index.php?/41",
"refsource": "MISC",
"url": "http://bugreport.ir/index.php?/41"
},
{
"name" : "http://bugreport.ir/index.php?/41",
"refsource" : "MISC",
"url" : "http://bugreport.ir/index.php?/41"
"name": "29672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29672"
},
{
"name" : "29672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29672"
"name": "absolutecontrolpanel-users-xss(43048)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43048"
},
{
"name" : "30609",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30609"
"name": "30609",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30609"
},
{
"name" : "3950",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3950"
"name": "20080611 Xigla Multiple Products - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=121322052622903&w=2"
},
{
"name" : "absolutecontrolpanel-users-xss(43048)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43048"
"name": "3950",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3950"
}
]
}

62
2008/6xxx/CVE-2008-6341.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6341",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6341",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20081222-4/"
}
]
}

80
2008/6xxx/CVE-2008-6771.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6771",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6771",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function."
"lang": "eng",
"value": "YourPlace 1.0.2 and earlier allows remote attackers to obtain sensitive system information via a direct request via a direct request to user/uploads/phpinfo.php, which calls the phpinfo function."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "7545",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7545"
"name": "yourplace-phpinfo-information-disclosure(47563)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47563"
},
{
"name" : "32971",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32971"
"name": "32971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32971"
},
{
"name" : "33272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33272"
"name": "7545",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7545"
},
{
"name" : "yourplace-phpinfo-information-disclosure(47563)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47563"
"name": "33272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33272"
}
]
}

134
2012/1xxx/CVE-2012-1262.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1262",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1262",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20120224 TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2012/Feb/407"
"name": "http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html"
},
{
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt"
"name": "20120224 TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Feb/407"
},
{
"name" : "http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/110203/Movable-Type-Publishing-Platform-Cross-Site-Scripting.html"
"name": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
},
{
"name" : "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html",
"refsource" : "CONFIRM",
"url" : "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
"name": "52138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52138"
},
{
"name" : "http://www.movabletype.org/documentation/appendices/release-notes/513.html",
"refsource" : "CONFIRM",
"url" : "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
"name": "DSA-2423",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2423"
},
{
"name" : "DSA-2423",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2423"
"name": "1026738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026738"
},
{
"name" : "JVN#49836527",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN49836527/index.html"
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt"
},
{
"name" : "JVNDB-2012-000016",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016"
"name": "http://www.movabletype.org/documentation/appendices/release-notes/513.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name" : "52138",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52138"
"name": "JVNDB-2012-000016",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016"
},
{
"name" : "79470",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/79470"
"name": "movable-type-publishing-mtwizard-xss(73480)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73480"
},
{
"name" : "1026738",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026738"
"name": "movable-type-mtwizard-xss(73411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73411"
},
{
"name" : "movable-type-mtwizard-xss(73411)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73411"
"name": "JVN#49836527",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49836527/index.html"
},
{
"name" : "movable-type-publishing-mtwizard-xss(73480)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73480"
"name": "79470",
"refsource": "OSVDB",
"url": "http://osvdb.org/79470"
}
]
}

92
2012/1xxx/CVE-2012-1503.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1503",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1503",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Apart KK) Movable Type (MT) Pro 5.13 allows remote attackers to inject arbitrary web script or HTML via the comment section."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "22151",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/22151"
"name": "22151",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/22151"
},
{
"name" : "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html"
"name": "86729",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/86729"
},
{
"name" : "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html",
"refsource" : "MISC",
"url" : "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html"
"name": "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html",
"refsource": "MISC",
"url": "http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html"
},
{
"name" : "56160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56160"
"name": "56160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56160"
},
{
"name" : "86729",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/86729"
"name": "movabletype-mt513en-xss(79521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"
},
{
"name" : "movabletype-mt513en-xss(79521)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79521"
"name": "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/117564/Movable-Type-Pro-5.13en-Cross-Site-Scripting.html"
}
]
}

110
2012/1xxx/CVE-2012-1530.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1530",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1530",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing an XSL file that triggers memory corruption when the lang function processes XML data with a crafted node-set."
"lang": "eng",
"value": "Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing an XSL file that triggers memory corruption when the lang function processes XML data with a crafted node-set."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20130108 Adobe Reader and Acrobat XSLT node() and lang() Memory Corruption Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1019"
"name": "SUSE-SU-2013:0044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html"
"name": "20130108 Adobe Reader and Acrobat XSLT node() and lang() Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1019"
},
{
"name" : "GLSA-201308-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml"
"name": "oval:org.mitre.oval:def:16094",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16094"
},
{
"name" : "RHSA-2013:0150",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0150.html"
"name": "SUSE-SU-2013:0047",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html"
},
{
"name" : "SUSE-SU-2013:0044",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html"
"name": "openSUSE-SU-2013:0193",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html"
},
{
"name" : "SUSE-SU-2013:0047",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html"
"name": "openSUSE-SU-2013:0138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html"
},
{
"name" : "openSUSE-SU-2013:0138",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html"
"name": "http://www.adobe.com/support/security/bulletins/apsb13-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-02.html"
},
{
"name" : "openSUSE-SU-2013:0193",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html"
"name": "RHSA-2013:0150",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0150.html"
},
{
"name" : "oval:org.mitre.oval:def:16094",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16094"
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}

92
2012/1xxx/CVE-2012-1643.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1643",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1643",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the \"administer permissions\" permission, which allows remote attackers to modify access permissions via unspecified vectors."
"lang": "eng",
"value": "The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the \"administer permissions\" permission, which allows remote attackers to modify access permissions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
"name": "https://drupal.org/node/1441448",
"refsource": "MISC",
"url": "https://drupal.org/node/1441448"
},
{
"name" : "https://drupal.org/node/1441448",
"refsource" : "MISC",
"url" : "https://drupal.org/node/1441448"
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name" : "http://drupal.org/node/1441556",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1441556"
"name": "http://drupal.org/node/1441556",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1441556"
},
{
"name" : "http://drupalcode.org/project/fp.git/commitdiff/39e7587",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/fp.git/commitdiff/39e7587"
"name": "79316",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79316"
},
{
"name" : "79316",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/79316"
"name": "48019",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48019"
},
{
"name" : "48019",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48019"
"name": "http://drupalcode.org/project/fp.git/commitdiff/39e7587",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/fp.git/commitdiff/39e7587"
}
]
}

74
2012/1xxx/CVE-2012-1867.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1867",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-1867",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka \"Font Resource Refcount Integer Overflow Vulnerability.\""
"lang": "eng",
"value": "Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka \"Font Resource Refcount Integer Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS12-041",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-041"
"name": "TA12-164A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"name" : "TA12-164A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
"name": "oval:org.mitre.oval:def:15510",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15510"
},
{
"name" : "oval:org.mitre.oval:def:15510",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15510"
"name": "MS12-041",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-041"
}
]
}

80
2012/1xxx/CVE-2012-1899.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1899",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1899",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name, (2) Last name or (3) Email (required) fields."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name, (2) Last name or (3) Email (required) fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://ivanobinetti.blogspot.com/2012/03/webfolio-114-multiple-xss.html",
"refsource" : "MISC",
"url" : "http://ivanobinetti.blogspot.com/2012/03/webfolio-114-multiple-xss.html"
"name": "http://ivanobinetti.blogspot.com/2012/03/webfolio-114-multiple-xss.html",
"refsource": "MISC",
"url": "http://ivanobinetti.blogspot.com/2012/03/webfolio-114-multiple-xss.html"
},
{
"name" : "http://packetstormsecurity.org/files/110524/Webfolio-CMS-1.1.4-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/110524/Webfolio-CMS-1.1.4-Cross-Site-Scripting.html"
"name": "webfoliocms-multiple-xss(73738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73738"
},
{
"name" : "52335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52335"
"name": "http://packetstormsecurity.org/files/110524/Webfolio-CMS-1.1.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/110524/Webfolio-CMS-1.1.4-Cross-Site-Scripting.html"
},
{
"name" : "webfoliocms-multiple-xss(73738)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73738"
"name": "52335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52335"
}
]
}

62
2012/5xxx/CVE-2012-5337.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5337",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5337",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.zerodaylab.com/zdl-advisories/2012-5337.html",
"refsource" : "MISC",
"url" : "http://www.zerodaylab.com/zdl-advisories/2012-5337.html"
"name": "http://www.zerodaylab.com/zdl-advisories/2012-5337.html",
"refsource": "MISC",
"url": "http://www.zerodaylab.com/zdl-advisories/2012-5337.html"
}
]
}

22
2012/5xxx/CVE-2012-5364.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5364",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5364",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

92
2012/5xxx/CVE-2012-5641.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5641",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5641",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in the default URI."
"lang": "eng",
"value": "Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20130114 CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Jan/81"
"name": "57313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57313"
},
{
"name" : "https://github.com/melkote/mochiweb/commit/ac2bf",
"refsource" : "CONFIRM",
"url" : "https://github.com/melkote/mochiweb/commit/ac2bf"
"name": "20130114 CVE-2012-5641 Apache CouchDB Information disclosure via unescaped backslashes in URLs on Windows",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jan/81"
},
{
"name" : "https://github.com/mochi/mochiweb/issues/92",
"refsource" : "CONFIRM",
"url" : "https://github.com/mochi/mochiweb/issues/92"
"name": "51765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51765"
},
{
"name" : "57313",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57313"
"name": "https://github.com/mochi/mochiweb/issues/92",
"refsource": "CONFIRM",
"url": "https://github.com/mochi/mochiweb/issues/92"
},
{
"name" : "51765",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51765"
"name": "apache-couchdb-dir-traversal(81240)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81240"
},
{
"name" : "apache-couchdb-dir-traversal(81240)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81240"
"name": "https://github.com/melkote/mochiweb/commit/ac2bf",
"refsource": "CONFIRM",
"url": "https://github.com/melkote/mochiweb/commit/ac2bf"
}
]
}

22
2012/5xxx/CVE-2012-5733.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5733",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5733",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2012/5xxx/CVE-2012-5802.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5802",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5802",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
"lang": "eng",
"value": "The PayPal module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
"name": "paypal-ubercart-ssl-spoofing(79949)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
},
{
"name" : "paypal-ubercart-ssl-spoofing(79949)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79949"
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
]
}

64
2017/11xxx/CVE-2017-11081.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00",
"ID" : "CVE-2017-11081",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-11081",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied."
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in WLAN"
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in WLAN"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-01-01"
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}

22
2017/11xxx/CVE-2017-11599.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11599",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11599",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2017/11xxx/CVE-2017-11661.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11661",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11661",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file."
"lang": "eng",
"value": "The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42433",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42433/"
"name": "42433",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42433/"
},
{
"name" : "20170808 wildmidi multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Aug/12"
"name": "20170808 wildmidi multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/12"
}
]
}

82
2017/11xxx/CVE-2017-11802.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00",
"ID" : "CVE-2017-11802",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11802",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ChakraCore, Microsoft Edge",
"version" : {
"version_data" : [
"product_name": "ChakraCore, Microsoft Edge",
"version": {
"version_data": [
{
"version_value" : "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
"version_value": "ChakraCore, Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821."
"lang": "eng",
"value": "ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "43000",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43000/"
"name": "1039529",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039529"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11802",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11802"
"name": "43000",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43000/"
},
{
"name" : "101130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101130"
"name": "101130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101130"
},
{
"name" : "1039529",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039529"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11802",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11802"
}
]
}

22
2017/11xxx/CVE-2017-11997.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11997",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11997",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

76
2017/3xxx/CVE-2017-3165.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2017-02-10T00:00:00",
"ID" : "CVE-2017-3165",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-02-10T00:00:00",
"ID": "CVE-2017-3165",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache Brooklyn",
"version" : {
"version_data" : [
"product_name": "Apache Brooklyn",
"version": {
"version_data": [
{
"version_value" : "0.9.0 and all prior versions"
"version_value": "0.9.0 and all prior versions"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability."
"lang": "eng",
"value": "In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to be a proof-of-concept exploit using this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-site scripting"
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[dev] 20170210 [SECURITY] CVE-2017-3165: Cross-site vulnerabilities in Apache Brooklyn",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/5aa6b7583edbfc1f5653607003204326d9e27ef65e8af356c798b21c@%3Cdev.brooklyn.apache.org%3E"
"name": "96228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96228"
},
{
"name" : "https://brooklyn.apache.org/community/security/CVE-2017-3165.html",
"refsource" : "CONFIRM",
"url" : "https://brooklyn.apache.org/community/security/CVE-2017-3165.html"
"name": "https://brooklyn.apache.org/community/security/CVE-2017-3165.html",
"refsource": "CONFIRM",
"url": "https://brooklyn.apache.org/community/security/CVE-2017-3165.html"
},
{
"name" : "96228",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96228"
"name": "[dev] 20170210 [SECURITY] CVE-2017-3165: Cross-site vulnerabilities in Apache Brooklyn",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5aa6b7583edbfc1f5653607003204326d9e27ef65e8af356c798b21c@%3Cdev.brooklyn.apache.org%3E"
}
]
}

86
2017/3xxx/CVE-2017-3280.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3280",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3280",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Partner Management",
"version" : {
"version_data" : [
"product_name": "Partner Management",
"version": {
"version_data": [
{
"version_value" : "12.1.1"
"version_value": "12.1.1"
},
{
"version_value" : "12.1.2"
"version_value": "12.1.2"
},
{
"version_value" : "12.1.3"
"version_value": "12.1.3"
},
{
"version_value" : "12.2.3"
"version_value": "12.2.3"
},
{
"version_value" : "12.2.4"
"version_value": "12.2.4"
},
{
"version_value" : "12.2.5"
"version_value": "12.2.5"
},
{
"version_value" : "12.2.6"
"version_value": "12.2.6"
}
]
}
}
]
},
"vendor_name" : "Oracle"
"vendor_name": "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts)."
"lang": "eng",
"value": "Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
"name": "1037639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037639"
},
{
"name" : "95577",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95577"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "1037639",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037639"
"name": "95577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95577"
}
]
}

76
2017/3xxx/CVE-2017-3297.json
View File

@ -1,74 +1,74 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3297",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3297",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "FLEXCUBE Direct Banking",
"version" : {
"version_data" : [
"product_name": "FLEXCUBE Direct Banking",
"version": {
"version_data": [
{
"version_value" : "12.0.2"
"version_value": "12.0.2"
},
{
"version_value" : "12.0.3"
"version_value": "12.0.3"
}
]
}
}
]
},
"vendor_name" : "Oracle"
"vendor_name": "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Framework). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Framework). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
"name": "95603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95603"
},
{
"name" : "95603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95603"
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name" : "1037636",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037636"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}

78
2017/3xxx/CVE-2017-3314.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3314",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3314",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "FLEXCUBE Universal Banking",
"version" : {
"version_data" : [
"product_name": "FLEXCUBE Universal Banking",
"version": {
"version_data": [
{
"version_value" : "12.0.0"
"version_value": "12.0.0"
},
{
"version_value" : "12.1.0"
"version_value": "12.1.0"
},
{
"version_value" : "12.2.0"
"version_value": "12.2.0"
}
]
}
}
]
},
"vendor_name" : "Oracle"
"vendor_name": "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.0, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.0, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
"name": "95549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95549"
},
{
"name" : "95549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95549"
"name": "1037636",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037636"
},
{
"name" : "1037636",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037636"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}

68
2017/7xxx/CVE-2017-7282.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7282",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7282",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI)."
"lang": "eng",
"value": "An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the filesystem that the web server has access to, aka Local File Inclusion (LFI)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/",
"refsource" : "MISC",
"url" : "https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/"
"name": "https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcWGAA0/000005558?r=1",
"refsource": "MISC",
"url": "https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcWGAA0/000005558?r=1"
},
{
"name" : "https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcWGAA0/000005558?r=1",
"refsource" : "MISC",
"url" : "https://support.unitrends.com/UnitrendsBackup/s/article/ka640000000CcWGAA0/000005558?r=1"
"name": "https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/",
"refsource": "MISC",
"url": "https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-2/"
}
]
}

106
2017/7xxx/CVE-2017-7482.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2017-7482",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7482",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "kernel:",
"version" : {
"version_data" : [
"product_name": "kernel:",
"version": {
"version_data": [
{
"version_value" : "4.12"
"version_value": "4.12"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation."
"lang": "eng",
"value": "In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation."
}
]
},
"impact" : {
"cvss" : [
"impact": {
"cvss": [
[
{
"vectorString" : "7.1/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version" : "3.0"
"vectorString": "7.1/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-190"
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2017/q2/602"
"name": "99299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99299"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
},
{
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0",
"refsource" : "CONFIRM",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f2f97656ada8d811d3c1bef503ced266fcd53a0"
"name": "1038787",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038787"
},
{
"name" : "DSA-3927",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3927"
"name": "DSA-3927",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3927"
},
{
"name" : "DSA-3945",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3945"
"name": "DSA-3945",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3945"
},
{
"name" : "99299",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99299"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7482"
},
{
"name" : "1038787",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038787"
"name": "[oss-security] 20170626 CVE-2017-7482 Linux kernel: krb5 ticket decode len check.",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q2/602"
}
]
}

74
2017/7xxx/CVE-2017-7732.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@fortinet.com",
"ID" : "CVE-2017-7732",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7732",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests."
"lang": "eng",
"value": "A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://fortiguard.com/psirt/FG-IR-17-099",
"refsource" : "CONFIRM",
"url" : "https://fortiguard.com/psirt/FG-IR-17-099"
"name": "1039584",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039584"
},
{
"name" : "101278",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101278"
"name": "https://fortiguard.com/psirt/FG-IR-17-099",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-099"
},
{
"name" : "1039584",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039584"
"name": "101278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101278"
}
]
}

68
2017/7xxx/CVE-2017-7903.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-7903",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7903",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400",
"version" : {
"version_data" : [
"product_name": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400",
"version": {
"version_data": [
{
"version_value" : "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400"
"version_value": "Rockwell Automation Allen-Bradley MicroLogix 1100 and 1400"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password."
"lang": "eng",
"value": "A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-521"
"lang": "eng",
"value": "CWE-521"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"
"name": "1038546",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038546"
},
{
"name" : "1038546",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038546"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04"
}
]
}

22
2017/8xxx/CVE-2017-8091.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8091",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8091",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

82
2017/8xxx/CVE-2017-8607.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8607",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8607",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016",
"version" : {
"version_data" : [
"product_name": "Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016",
"version": {
"version_data": [
{
"version_value" : "Microsoft browsers"
"version_value": "Microsoft browsers"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609"
"lang": "eng",
"value": "Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8607",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8607"
"name": "1038848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038848"
},
{
"name" : "99410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99410"
"name": "1038849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038849"
},
{
"name" : "1038848",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038848"
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8607",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8607"
},
{
"name" : "1038849",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038849"
"name": "99410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99410"
}
]
}

22
2017/8xxx/CVE-2017-8612.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8612",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8612",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

76
2017/8xxx/CVE-2017-8982.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2018-01-24T00:00:00",
"ID" : "CVE-2017-8982",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2018-01-24T00:00:00",
"ID": "CVE-2017-8982",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Intelligent Management Center (iMC) PLAT",
"version" : {
"version_data" : [
"product_name": "Intelligent Management Center (iMC) PLAT",
"version": {
"version_data": [
{
"version_value" : "7.3 E0504P4"
"version_value": "7.3 E0504P4"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found."
"lang": "eng",
"value": "A Remote Authentication Restriction Bypass vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Authentication Restriction Bypass"
"lang": "eng",
"value": "Remote Authentication Restriction Bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "44648",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44648/"
"name": "1040283",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040283"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03809en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03809en_us"
"name": "44648",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44648/"
},
{
"name" : "1040283",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040283"
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03809en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03809en_us"
}
]
}

22
2018/10xxx/CVE-2018-10013.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10013",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10013",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/10xxx/CVE-2018-10431.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10431",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10431",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen."
"lang": "eng",
"value": "D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell metacharacters in the Host field of the System / Traceroute screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/imsebao/404team/blob/master/dlink/dlink_dir615_rce.md",
"refsource" : "MISC",
"url" : "https://github.com/imsebao/404team/blob/master/dlink/dlink_dir615_rce.md"
"name": "https://github.com/imsebao/404team/blob/master/dlink/dlink_dir615_rce.md",
"refsource": "MISC",
"url": "https://github.com/imsebao/404team/blob/master/dlink/dlink_dir615_rce.md"
}
]
}

68
2018/10xxx/CVE-2018-10565.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10565",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10565",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7."
"lang": "eng",
"value": "XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180501 XSS in Flexense DiskSavvy, affects all versions",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/6"
"name": "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource": "MISC",
"url": "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
},
{
"name" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource" : "MISC",
"url" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
"name": "20180501 XSS in Flexense DiskSavvy, affects all versions",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/6"
}
]
}

64
2018/12xxx/CVE-2018-12548.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "emo@eclipse.org",
"ID" : "CVE-2018-12548",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2018-12548",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Eclipse OpenJ9",
"version" : {
"version_data" : [
"product_name": "Eclipse OpenJ9",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "0.11.0"
"version_affected": "=",
"version_value": "0.11.0"
}
]
}
}
]
},
"vendor_name" : "The Eclipse Foundation"
"vendor_name": "The Eclipse Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code."
"lang": "eng",
"value": "In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-822: Untrusted Pointer Dereference"
"lang": "eng",
"value": "CWE-822: Untrusted Pointer Dereference"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543792",
"refsource" : "CONFIRM",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543792"
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543792",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=543792"
}
]
}

80
2018/12xxx/CVE-2018-12571.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12571",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12571",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome."
"lang": "eng",
"value": "uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180702 Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jul/2"
"name": "20180702 Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/2"
},
{
"name" : "20180702 Re: Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jul/7"
"name": "1041212",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041212"
},
{
"name" : "http://packetstormsecurity.com/files/148389/Microsoft-Forefront-Unified-Access-Gateway-2010-External-DNS-Interaction.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148389/Microsoft-Forefront-Unified-Access-Gateway-2010-External-DNS-Interaction.html"
"name": "http://packetstormsecurity.com/files/148389/Microsoft-Forefront-Unified-Access-Gateway-2010-External-DNS-Interaction.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148389/Microsoft-Forefront-Unified-Access-Gateway-2010-External-DNS-Interaction.html"
},
{
"name" : "1041212",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041212"
"name": "20180702 Re: Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/7"
}
]
}

80
2018/12xxx/CVE-2018-12611.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12611",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12611",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "OX App Suite 7.8.4 and earlier allows Directory Traversal."
"lang": "eng",
"value": "OX App Suite 7.8.4 and earlier allows Directory Traversal."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20190104 Open-Xchange Security Advisory 2018-12-31",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2019/Jan/10"
"name": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
"refsource": "CONFIRM",
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf"
},
{
"name" : "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
"refsource" : "CONFIRM",
"url" : "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf"
"name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf",
"refsource": "CONFIRM",
"url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4791_7.8.4_2018-06-25.pdf"
},
{
"name" : "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
"refsource" : "CONFIRM",
"url" : "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf"
"name": "20190104 Open-Xchange Security Advisory 2018-12-31",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/10"
},
{
"name" : "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf",
"refsource" : "CONFIRM",
"url" : "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_4789_7.6.3_2018-06-25.pdf"
"name": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf",
"refsource": "CONFIRM",
"url": "https://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_4790_7.8.3_2018-06-25.pdf"
}
]
}

80
2018/12xxx/CVE-2018-12998.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12998",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12998",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet."
"lang": "eng",
"value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180720 [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jul/75"
"name": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
},
{
"name" : "https://github.com/unh3x/just4cve/issues/10",
"refsource" : "MISC",
"url" : "https://github.com/unh3x/just4cve/issues/10"
"name": "https://github.com/unh3x/just4cve/issues/10",
"refsource": "MISC",
"url": "https://github.com/unh3x/just4cve/issues/10"
},
{
"name" : "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036",
"refsource" : "MISC",
"url" : "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036"
"name": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036",
"refsource": "MISC",
"url": "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036"
},
{
"name" : "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"
"name": "20180720 [CVE-2018-12998]Zoho manageengine Reflected XSS in multiple Products",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/75"
}
]
}

62
2018/13xxx/CVE-2018-13116.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13116",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13116",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table."
"lang": "eng",
"value": "/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/actionyz/ZZCMS/blob/master/SQL/1/del.php.md",
"refsource" : "MISC",
"url" : "https://github.com/actionyz/ZZCMS/blob/master/SQL/1/del.php.md"
"name": "https://github.com/actionyz/ZZCMS/blob/master/SQL/1/del.php.md",
"refsource": "MISC",
"url": "https://github.com/actionyz/ZZCMS/blob/master/SQL/1/del.php.md"
}
]
}

62
2018/13xxx/CVE-2018-13129.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13129",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13129",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner."
"lang": "eng",
"value": "SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md"
"name": "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md"
}
]
}

22
2018/13xxx/CVE-2018-13246.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13246",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13246",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/13xxx/CVE-2018-13251.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13251",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13251",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file."
"lang": "eng",
"value": "In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/libming/libming/issues/149",
"refsource" : "MISC",
"url" : "https://github.com/libming/libming/issues/149"
"name": "https://github.com/libming/libming/issues/149",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/149"
}
]
}

68
2018/13xxx/CVE-2018-13757.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13757",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13757",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Coinquer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for Coinquer, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Coinquer",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Coinquer"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Coinquer",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Coinquer"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}

62
2018/17xxx/CVE-2018-17309.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17309",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17309",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi."
"lang": "eng",
"value": "On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.com/files/149493/RICOH-MP-C406Z-Printer-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149493/RICOH-MP-C406Z-Printer-Cross-Site-Scripting.html"
"name": "http://packetstormsecurity.com/files/149493/RICOH-MP-C406Z-Printer-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149493/RICOH-MP-C406Z-Printer-Cross-Site-Scripting.html"
}
]
}

22
2018/17xxx/CVE-2018-17821.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17821",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17821",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2018/17xxx/CVE-2018-17907.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-10-17T00:00:00",
"ID" : "CVE-2018-17907",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-17T00:00:00",
"ID": "CVE-2018-17907",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "CX-Supervisor",
"version" : {
"version_data" : [
"product_name": "CX-Supervisor",
"version": {
"version_data": [
{
"version_value" : "Versions 3.4.1.0 and prior."
"version_value": "Versions 3.4.1.0 and prior."
}
]
}
}
]
},
"vendor_name" : "Omron"
"vendor_name": "Omron"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array."
"lang": "eng",
"value": "When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119"
"lang": "eng",
"value": "IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01"
},
{
"name" : "105691",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105691"
"name": "105691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105691"
}
]
}

64
2018/17xxx/CVE-2018-17917.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-10-09T00:00:00",
"ID" : "CVE-2018-17917",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-09T00:00:00",
"ID": "CVE-2018-17917",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "XMeye P2P Cloud Server",
"version" : {
"version_data" : [
"product_name": "XMeye P2P Cloud Server",
"version": {
"version_data": [
{
"version_value" : "All versions"
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name" : "Hangzhou Xiongmai Technology Co., Ltd"
"vendor_name": "Hangzhou Xiongmai Technology Co., Ltd"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps."
"lang": "eng",
"value": "All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server may allow an attacker to use MAC addresses to enumerate potential Cloud IDs. Using this ID, the attacker can discover and connect to valid devices using one of the supported apps."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "PREDICTABLE FROM OBSERVABLE STATE CWE-341"
"lang": "eng",
"value": "PREDICTABLE FROM OBSERVABLE STATE CWE-341"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-282-06"
}
]
}

68
2018/17xxx/CVE-2018-17938.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17938",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17938",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value."
"lang": "eng",
"value": "Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=109021",
"refsource" : "MISC",
"url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=109021"
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109021",
"refsource": "MISC",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109021"
},
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10",
"refsource" : "MISC",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10"
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.10"
}
]
}