admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:19:00 +00:00
parent a0319c85c6
commit 087ae5b991
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3392 additions and 3333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

280
2004/0xxx/CVE-2004-0214.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow.",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/lists/bugtraq/2004/Apr/0322.html"
},
{
"name" : "20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow.",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/lists/fulldisclosure/2004/Apr/0933.html"
},
{
"name" : "MS04-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-037"
},
{
"name" : "322857",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;en-us;322857"
},
{
"name" : "VU#616200",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/616200"
},
{
"name" : "http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.html"
},
{
"name" : "10213",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10213"
},
{
"name" : "5687",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5687"
},
{
"name" : "oval:org.mitre.oval:def:1601",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1601"
},
{
"name" : "oval:org.mitre.oval:def:1749",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1749"
},
{
"name" : "oval:org.mitre.oval:def:2638",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2638"
},
{
"name" : "oval:org.mitre.oval:def:4345",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4345"
},
{
"name" : "oval:org.mitre.oval:def:5307",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5307"
},
{
"name" : "1011647",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011647"
},
{
"name" : "11482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11482/"
},
{
"name" : "win-long-fileshare-bo(15956)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15956"
},
{
"name" : "win-ms04037-patch(17662)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17662"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "322857",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;322857"
},
{
"name": "oval:org.mitre.oval:def:2638",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2638"
},
{
"name": "1011647",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011647"
},
{
"name": "oval:org.mitre.oval:def:5307",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5307"
},
{
"name": "oval:org.mitre.oval:def:1601",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1601"
},
{
"name": "10213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10213"
},
{
"name": "win-ms04037-patch(17662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17662"
},
{
"name": "5687",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5687"
},
{
"name": "VU#616200",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/616200"
},
{
"name": "20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow.",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2004/Apr/0933.html"
},
{
"name": "oval:org.mitre.oval:def:4345",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4345"
},
{
"name": "11482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11482/"
},
{
"name": "oval:org.mitre.oval:def:1749",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1749"
},
{
"name": "win-long-fileshare-bo(15956)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15956"
},
{
"name": "20040425 Microsoft's Explorer and Internet Explorer long share name buffer overflow.",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2004/Apr/0322.html"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5JP0M1PCKI.html"
},
{
"name": "MS04-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-037"
}
]
}
}

170
2004/0xxx/CVE-2004-0434.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040505 Advisory: Heimdal kadmind version4 remote heap overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108386148126457&w=2"
},
{
"name" : "20040506 Advisory: Heimdal kadmind version4 remote heap overflow",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html"
},
{
"name" : "DSA-504",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-504"
},
{
"name" : "FreeBSD-SA-04:09",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc"
},
{
"name" : "GLSA-200405-23",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200405-23.xml"
},
{
"name" : "heimdal-kadmind-bo(16071)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "heimdal-kadmind-bo(16071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16071"
},
{
"name": "DSA-504",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-504"
},
{
"name": "20040506 Advisory: Heimdal kadmind version4 remote heap overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020998.html"
},
{
"name": "20040505 Advisory: Heimdal kadmind version4 remote heap overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108386148126457&w=2"
},
{
"name": "GLSA-200405-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-23.xml"
},
{
"name": "FreeBSD-SA-04:09",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:09.kadmind.asc"
}
]
}
}

130
2004/0xxx/CVE-2004-0921.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to \"terminate authenticated user mounts\" via modified SessionDestroy packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2004-09-30",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html"
},
{
"name" : "11322",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11322"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to \"terminate authenticated user mounts\" via modified SessionDestroy packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11322"
},
{
"name": "APPLE-SA-2004-09-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00000.html"
}
]
}
}

34
2004/1xxx/CVE-2004-1249.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1249",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1249",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2004/1xxx/CVE-2004-1276.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tigger.uic.edu/~jlongs2/holes/iglooftp.txt",
"refsource" : "MISC",
"url" : "http://tigger.uic.edu/~jlongs2/holes/iglooftp.txt"
},
{
"name" : "iglooftp-file-overwrites(18632)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18632"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iglooftp-file-overwrites(18632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18632"
},
{
"name": "http://tigger.uic.edu/~jlongs2/holes/iglooftp.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/iglooftp.txt"
}
]
}
}

200
2004/1xxx/CVE-2004-1552.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040923 aspWebCalendar /aspWebAlbum: SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109604910025090&w=2"
},
{
"name" : "3546",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/3546"
},
{
"name" : "11246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11246"
},
{
"name" : "23098",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/23098"
},
{
"name" : "ADV-2007-1093",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1093"
},
{
"name" : "12651",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12651"
},
{
"name" : "24622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24622"
},
{
"name" : "aspwebcalendar-sql-injection(17506)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17506"
},
{
"name" : "aspwebcalendar-calendar-sql-injection(33157)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/33157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11246"
},
{
"name": "23098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23098"
},
{
"name": "12651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12651"
},
{
"name": "3546",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3546"
},
{
"name": "20040923 aspWebCalendar /aspWebAlbum: SQL injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109604910025090&w=2"
},
{
"name": "aspwebcalendar-sql-injection(17506)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17506"
},
{
"name": "ADV-2007-1093",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1093"
},
{
"name": "aspwebcalendar-calendar-sql-injection(33157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33157"
},
{
"name": "24622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24622"
}
]
}
}

190
2004/1xxx/CVE-2004-1881.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040331 CactuSoft CactuShop v5.x shopping cart software multiple security",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108075059013762&w=2"
},
{
"name" : "http://www.s-quadra.com/advisories/Adv-20040331.txt",
"refsource" : "MISC",
"url" : "http://www.s-quadra.com/advisories/Adv-20040331.txt"
},
{
"name" : "10019",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10019"
},
{
"name" : "4785",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4785"
},
{
"name" : "4786",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4786"
},
{
"name" : "1009601",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009601"
},
{
"name" : "11272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11272"
},
{
"name" : "cactushop-multiple-sql-injection(15686)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15686"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.s-quadra.com/advisories/Adv-20040331.txt",
"refsource": "MISC",
"url": "http://www.s-quadra.com/advisories/Adv-20040331.txt"
},
{
"name": "4785",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4785"
},
{
"name": "4786",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4786"
},
{
"name": "20040331 CactuSoft CactuShop v5.x shopping cart software multiple security",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108075059013762&w=2"
},
{
"name": "cactushop-multiple-sql-injection(15686)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15686"
},
{
"name": "10019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10019"
},
{
"name": "11272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11272"
},
{
"name": "1009601",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009601"
}
]
}
}

160
2004/1xxx/CVE-2004-1892.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1892",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040403 eMule v0.42d Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108100987429960&w=2"
},
{
"name" : "http://www.emule-project.net/home/perl/news.cgi?l=1&cat_id=22",
"refsource" : "CONFIRM",
"url" : "http://www.emule-project.net/home/perl/news.cgi?l=1&cat_id=22"
},
{
"name" : "10039",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10039"
},
{
"name" : "11289",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11289"
},
{
"name" : "emule-decodebase16-bo(15730)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15730"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10039"
},
{
"name": "emule-decodebase16-bo(15730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15730"
},
{
"name": "11289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11289"
},
{
"name": "http://www.emule-project.net/home/perl/news.cgi?l=1&cat_id=22",
"refsource": "CONFIRM",
"url": "http://www.emule-project.net/home/perl/news.cgi?l=1&cat_id=22"
},
{
"name": "20040403 eMule v0.42d Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108100987429960&w=2"
}
]
}
}

200
2004/2xxx/CVE-2004-2038.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040529 LDU (land down under) xss vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108585789220174&w=2"
},
{
"name" : "http://ldu.neocrome.net/page.php?id=1357",
"refsource" : "CONFIRM",
"url" : "http://ldu.neocrome.net/page.php?id=1357"
},
{
"name" : "10435",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10435"
},
{
"name" : "6508",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6508"
},
{
"name" : "6510",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6510"
},
{
"name" : "6511",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6511"
},
{
"name" : "1010335",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/alerts/2004/May/1010335.html"
},
{
"name" : "11739",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11739"
},
{
"name" : "ldu-bbcode-xss(16284)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16284"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6511",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6511"
},
{
"name": "http://ldu.neocrome.net/page.php?id=1357",
"refsource": "CONFIRM",
"url": "http://ldu.neocrome.net/page.php?id=1357"
},
{
"name": "6508",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6508"
},
{
"name": "6510",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6510"
},
{
"name": "ldu-bbcode-xss(16284)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16284"
},
{
"name": "20040529 LDU (land down under) xss vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108585789220174&w=2"
},
{
"name": "10435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10435"
},
{
"name": "11739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11739"
},
{
"name": "1010335",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2004/May/1010335.html"
}
]
}
}

170
2004/2xxx/CVE-2004-2083.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka \"File Download Extension Spoofing.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/",
"refsource" : "MISC",
"url" : "http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/750b1/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/750b1/"
},
{
"name" : "9640",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9640"
},
{
"name" : "3917",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3917"
},
{
"name" : "10760",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10760"
},
{
"name" : "opera-cslid-extension-spoof(21698)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21698"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka \"File Download Extension Spoofing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/",
"refsource": "MISC",
"url": "http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/"
},
{
"name": "opera-cslid-extension-spoof(21698)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21698"
},
{
"name": "9640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9640"
},
{
"name": "3917",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3917"
},
{
"name": "10760",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10760"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/750b1/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/750b1/"
}
]
}
}

120
2004/2xxx/CVE-2004-2662.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.soft3304.net/04WebServer/Security.html",
"refsource" : "CONFIRM",
"url" : "http://www.soft3304.net/04WebServer/Security.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.soft3304.net/04WebServer/Security.html",
"refsource": "CONFIRM",
"url": "http://www.soft3304.net/04WebServer/Security.html"
}
]
}
}

160
2008/2xxx/CVE-2008-2457.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5660",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5660"
},
{
"name" : "29308",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29308"
},
{
"name" : "ADV-2008-1592",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1592/references"
},
{
"name" : "30314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30314"
},
{
"name" : "phpjokesite-jokescategory-sql-injection(42554)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42554"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5660",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5660"
},
{
"name": "29308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29308"
},
{
"name": "ADV-2008-1592",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1592/references"
},
{
"name": "phpjokesite-jokescategory-sql-injection(42554)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42554"
},
{
"name": "30314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30314"
}
]
}
}

160
2008/2xxx/CVE-2008-2623.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name" : "33177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33177"
},
{
"name" : "ADV-2009-0115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name" : "1021572",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021572"
},
{
"name" : "33525",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33525"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33525"
},
{
"name": "ADV-2009-0115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name": "1021572",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021572"
},
{
"name": "33177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33177"
}
]
}
}

140
2008/2xxx/CVE-2008-2837.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5863",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5863"
},
{
"name" : "29816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29816"
},
{
"name" : "cmsbrd-menuclick-sql-injection(43183)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5863",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5863"
},
{
"name": "29816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29816"
},
{
"name": "cmsbrd-menuclick-sql-injection(43183)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43183"
}
]
}
}

150
2008/6xxx/CVE-2008-6137.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/318746",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/318746"
},
{
"name" : "31656",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31656"
},
{
"name" : "32194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32194"
},
{
"name" : "everyblog-unspecified-security-bypass(45759)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45759"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to bypass access restrictions via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "everyblog-unspecified-security-bypass(45759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45759"
},
{
"name": "31656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31656"
},
{
"name": "32194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32194"
},
{
"name": "http://drupal.org/node/318746",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/318746"
}
]
}
}

140
2008/6xxx/CVE-2008-6410.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6410",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6543",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6543"
},
{
"name" : "31348",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31348"
},
{
"name" : "31706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in show.php in ol'bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6543",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6543"
},
{
"name": "31706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31706"
},
{
"name": "31348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31348"
}
]
}
}

140
2008/6xxx/CVE-2008-6594.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080416-2/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080416-2/"
},
{
"name" : "45094",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/45094"
},
{
"name" : "cmrdfexport-unspecified-sql-injection(49829)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49829"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cmrdfexport-unspecified-sql-injection(49829)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49829"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080416-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080416-2/"
},
{
"name": "45094",
"refsource": "OSVDB",
"url": "http://osvdb.org/45094"
}
]
}
}

160
2008/6xxx/CVE-2008-6944.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7111",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7111"
},
{
"name" : "32293",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32293"
},
{
"name" : "49960",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49960"
},
{
"name" : "32690",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32690"
},
{
"name" : "autoclassifiedssoftware-image-file-upload(46608)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32690"
},
{
"name": "49960",
"refsource": "OSVDB",
"url": "http://osvdb.org/49960"
},
{
"name": "7111",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7111"
},
{
"name": "32293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32293"
},
{
"name": "autoclassifiedssoftware-image-file-upload(46608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46608"
}
]
}
}

130
2008/7xxx/CVE-2008-7201.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080124 Re: scada/plc gear",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0487.html"
},
{
"name" : "51003",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080124 Re: scada/plc gear",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0487.html"
},
{
"name": "51003",
"refsource": "OSVDB",
"url": "http://osvdb.org/51003"
}
]
}
}

130
2008/7xxx/CVE-2008-7288.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg2402966",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg2402966"
},
{
"name" : "IO09666",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO09666"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IO09666",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO09666"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg2402966",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg2402966"
}
]
}
}

150
2012/5xxx/CVE-2012-5142.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-5142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=160803",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=160803"
},
{
"name" : "openSUSE-SU-2012:1682",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00073.html"
},
{
"name" : "oval:org.mitre.oval:def:16173",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=160803",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=160803"
},
{
"name": "openSUSE-SU-2012:1682",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00073.html"
},
{
"name": "oval:org.mitre.oval:def:16173",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16173"
}
]
}
}

150
2012/5xxx/CVE-2012-5157.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5157",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-5157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=162156",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=162156"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=162776",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=162776"
},
{
"name" : "oval:org.mitre.oval:def:16424",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16424"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16424",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16424"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=162156",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=162156"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=162776",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=162776"
}
]
}
}

150
2012/5xxx/CVE-2012-5224.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/view/109098/vbadvancedcmps-rfilfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/109098/vbadvancedcmps-rfilfi.txt"
},
{
"name" : "http://www.vbadvanced.com/forum/showthread.php?s=c4fdb72b5c0751a056e814bf32a26ddb&t=44720",
"refsource" : "MISC",
"url" : "http://www.vbadvanced.com/forum/showthread.php?s=c4fdb72b5c0751a056e814bf32a26ddb&t=44720"
},
{
"name" : "51672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51672"
},
{
"name" : "vbadvancedcmps-template-file-include(72736)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72736"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vbadvancedcmps-template-file-include(72736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72736"
},
{
"name": "http://packetstormsecurity.org/files/view/109098/vbadvancedcmps-rfilfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/109098/vbadvancedcmps-rfilfi.txt"
},
{
"name": "51672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51672"
},
{
"name": "http://www.vbadvanced.com/forum/showthread.php?s=c4fdb72b5c0751a056e814bf32a26ddb&t=44720",
"refsource": "MISC",
"url": "http://www.vbadvanced.com/forum/showthread.php?s=c4fdb72b5c0751a056e814bf32a26ddb&t=44720"
}
]
}
}

140
2012/5xxx/CVE-2012-5346.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/108282/wplivephp-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/108282/wplivephp-xss.txt"
},
{
"name" : "51220",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51220"
},
{
"name" : "wplivephp-wplive-xss(72080)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/108282/wplivephp-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/108282/wplivephp-xss.txt"
},
{
"name": "51220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51220"
},
{
"name": "wplivephp-wplive-xss(72080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72080"
}
]
}
}

34
2012/5xxx/CVE-2012-5869.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5869",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5869",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/11xxx/CVE-2017-11427.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11427",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11427",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/11xxx/CVE-2017-11534.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/564",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/564"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/564",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/564"
}
]
}
}

34
2017/11xxx/CVE-2017-11621.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11621",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11621",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/11xxx/CVE-2017-11662.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42433",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42433/"
},
{
"name" : "20170808 wildmidi multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Aug/12"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42433",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42433/"
},
{
"name": "20170808 wildmidi multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/12"
}
]
}
}

34
2017/14xxx/CVE-2017-14670.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14670",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-14670",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

150
2017/15xxx/CVE-2017-15048.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43355",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43355/"
},
{
"name" : "20171215 [CONVISO-17-002] - Zoom Linux Client Stack-based Buffer Overflow Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Dec/46"
},
{
"name" : "http://packetstormsecurity.com/files/145452/Zoom-Linux-Client-2.0.106600.0904-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/145452/Zoom-Linux-Client-2.0.106600.0904-Buffer-Overflow.html"
},
{
"name" : "https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-002.txt",
"refsource" : "MISC",
"url" : "https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-002.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/145452/Zoom-Linux-Client-2.0.106600.0904-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145452/Zoom-Linux-Client-2.0.106600.0904-Buffer-Overflow.html"
},
{
"name": "https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-002.txt",
"refsource": "MISC",
"url": "https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-002.txt"
},
{
"name": "20171215 [CONVISO-17-002] - Zoom Linux Client Stack-based Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/46"
},
{
"name": "43355",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43355/"
}
]
}
}

142
2017/15xxx/CVE-2017-15103.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-12-18T00:00:00",
"ID" : "CVE-2017-15103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Heketi",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
}
]
}
}
]
},
"vendor_name" : "Heketi"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-78"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-12-18T00:00:00",
"ID": "CVE-2017-15103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Heketi",
"version": {
"version_data": [
{
"version_value": "5.0"
}
]
}
}
]
},
"vendor_name": "Heketi"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://access.redhat.com/security/cve/CVE-2017-15103",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/security/cve/CVE-2017-15103"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1510147",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1510147"
},
{
"name" : "RHSA-2017:3481",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510147",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510147"
},
{
"name": "RHSA-2017:3481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3481"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-15103",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/CVE-2017-15103"
}
]
}
}

34
2017/15xxx/CVE-2017-15180.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15180",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15180",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2017/15xxx/CVE-2017-15393.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-15393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 62.0.3202.62",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 62.0.3202.62"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient Policy Enforcement"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2017-15393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 62.0.3202.62",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 62.0.3202.62"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html",
"refsource" : "MISC",
"url" : "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"
},
{
"name" : "https://crbug.com/732751",
"refsource" : "MISC",
"url" : "https://crbug.com/732751"
},
{
"name" : "DSA-4020",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4020"
},
{
"name" : "GLSA-201710-24",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-24"
},
{
"name" : "RHSA-2017:2997",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2997"
},
{
"name" : "101482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Policy Enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101482"
},
{
"name": "https://crbug.com/732751",
"refsource": "MISC",
"url": "https://crbug.com/732751"
},
{
"name": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html"
},
{
"name": "DSA-4020",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4020"
},
{
"name": "RHSA-2017:2997",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2997"
},
{
"name": "GLSA-201710-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-24"
}
]
}
}

170
2017/15xxx/CVE-2017-15806.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing \"-X/path/to/wwwroot/file.php.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43155",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43155/"
},
{
"name" : "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/",
"refsource" : "MISC",
"url" : "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"name" : "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/",
"refsource" : "MISC",
"url" : "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"name" : "https://github.com/zetacomponents/Mail/issues/58",
"refsource" : "CONFIRM",
"url" : "https://github.com/zetacomponents/Mail/issues/58"
},
{
"name" : "https://github.com/zetacomponents/Mail/releases/tag/1.8.2",
"refsource" : "CONFIRM",
"url" : "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name" : "101866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101866"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing \"-X/path/to/wwwroot/file.php.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43155",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43155/"
},
{
"name": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/",
"refsource": "MISC",
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-critical-rce-vulnerability/"
},
{
"name": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/",
"refsource": "MISC",
"url": "https://kay-malwarebenchmark.github.io/blog/cve-2017-15806-yuan-cheng-dai-ma-zhi-xing-lou-dong/"
},
{
"name": "https://github.com/zetacomponents/Mail/issues/58",
"refsource": "CONFIRM",
"url": "https://github.com/zetacomponents/Mail/issues/58"
},
{
"name": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2",
"refsource": "CONFIRM",
"url": "https://github.com/zetacomponents/Mail/releases/tag/1.8.2"
},
{
"name": "101866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101866"
}
]
}
}

140
2017/3xxx/CVE-2017-3792.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-3792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode",
"version" : {
"version_data" : [
{
"version_value" : "Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode",
"version": {
"version_data": [
{
"version_value": "Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence"
},
{
"name" : "95787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95787"
},
{
"name" : "1037698",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037698"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence"
},
{
"name": "95787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95787"
},
{
"name": "1037698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037698"
}
]
}
}

122
2017/8xxx/CVE-2017-8125.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8125",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "UMA",
"version" : {
"version_data" : [
{
"version_value" : "V200R001 and V300R001"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001 and V300R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}

140
2017/8xxx/CVE-2017-8363.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html"
},
{
"name" : "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/"
},
{
"name" : "GLSA-201811-23",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-23"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/"
},
{
"name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html"
},
{
"name": "GLSA-201811-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-23"
}
]
}
}

130
2017/8xxx/CVE-2017-8576.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Windows",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka \"Microsoft Graphics Component Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Windows",
"version": {
"version_data": [
{
"version_value": "Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8576",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8576"
},
{
"name" : "99210",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99210"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka \"Microsoft Graphics Component Elevation of Privilege Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99210"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8576",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8576"
}
]
}
}

160
2017/8xxx/CVE-2017-8818.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"ID" : "CVE-2017-8818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "curl and libcurl before 7.57.0",
"version" : {
"version_data" : [
{
"version_value" : "curl and libcurl before 7.57.0"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds access"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-8818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "curl and libcurl before 7.57.0",
"version": {
"version_data": [
{
"version_value": "curl and libcurl before 7.57.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://curl.haxx.se/docs/adv_2017-af0a.html",
"refsource" : "CONFIRM",
"url" : "https://curl.haxx.se/docs/adv_2017-af0a.html"
},
{
"name" : "http://security.cucumberlinux.com/security/details.php?id=163",
"refsource" : "CONFIRM",
"url" : "http://security.cucumberlinux.com/security/details.php?id=163"
},
{
"name" : "GLSA-201712-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201712-04"
},
{
"name" : "102014",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102014"
},
{
"name" : "1039898",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201712-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201712-04"
},
{
"name": "https://curl.haxx.se/docs/adv_2017-af0a.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_2017-af0a.html"
},
{
"name": "1039898",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039898"
},
{
"name": "http://security.cucumberlinux.com/security/details.php?id=163",
"refsource": "CONFIRM",
"url": "http://security.cucumberlinux.com/security/details.php?id=163"
},
{
"name": "102014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102014"
}
]
}
}

130
2018/12xxx/CVE-2018-12245.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@symantec.com",
"ID" : "CVE-2018-12245",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Symantec Endpoint Protection (SEP)",
"version" : {
"version_data" : [
{
"version_value" : "Prior to 14.2 MP1"
}
]
}
}
]
},
"vendor_name" : "Symantec Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DLL Preloading"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2018-12245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Endpoint Protection (SEP)",
"version": {
"version_data": [
{
"version_value": "Prior to 14.2 MP1"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html",
"refsource" : "CONFIRM",
"url" : "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html"
},
{
"name" : "105919",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105919"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally loads a DLL provided by a potential attacker. Note that this particular type of exploit only manifests at install time; no remediation is required for software that has already been installed. This issue only impacted the Trialware media for Symantec Endpoint Protection, which has since been updated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105919"
},
{
"name": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1468.html"
}
]
}
}

120
2018/12xxx/CVE-2018-12481.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Olive Tree Ftp Server application 1.32 for Android has a \"Sensitive Data on the Clipboard\" vulnerability, as demonstrated by reading the \"User password\" field with the Drozer post.capture.clipboard module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pastebin.com/sp5nMhvc",
"refsource" : "MISC",
"url" : "https://pastebin.com/sp5nMhvc"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Olive Tree Ftp Server application 1.32 for Android has a \"Sensitive Data on the Clipboard\" vulnerability, as demonstrated by reading the \"User password\" field with the Drozer post.capture.clipboard module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/sp5nMhvc",
"refsource": "MISC",
"url": "https://pastebin.com/sp5nMhvc"
}
]
}
}

150
2018/12xxx/CVE-2018-12544.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "emo@eclipse.org",
"ID" : "CVE-2018-12544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Eclipse Vert.x",
"version" : {
"version_data" : [
{
"version_affected" : ">=",
"version_value" : "3.5.0"
},
{
"version_affected" : "<=",
"version_value" : "3.5.3"
}
]
}
}
]
},
"vendor_name" : "The Eclipse Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"
}
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2018-12544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Vert.x",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "3.5.0"
},
{
"version_affected": "<=",
"version_value": "3.5.3"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568",
"refsource" : "CONFIRM",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568"
},
{
"name" : "https://github.com/vert-x3/vertx-web/issues/1021",
"refsource" : "CONFIRM",
"url" : "https://github.com/vert-x3/vertx-web/issues/1021"
},
{
"name" : "RHSA-2018:2946",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2946"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2946",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2946"
},
{
"name": "https://github.com/vert-x3/vertx-web/issues/1021",
"refsource": "CONFIRM",
"url": "https://github.com/vert-x3/vertx-web/issues/1021"
},
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=539568"
}
]
}
}

34
2018/12xxx/CVE-2018-12553.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12553",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-12553",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

34
2018/12xxx/CVE-2018-12719.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12719",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12719",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/13xxx/CVE-2018-13034.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13034",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via \"..%f\" sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/dom96/jester/blob/master/changelog.markdown",
"refsource" : "CONFIRM",
"url" : "https://github.com/dom96/jester/blob/master/changelog.markdown"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via \"..%f\" sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dom96/jester/blob/master/changelog.markdown",
"refsource": "CONFIRM",
"url": "https://github.com/dom96/jester/blob/master/changelog.markdown"
}
]
}
}

236
2018/13xxx/CVE-2018-13404.json
View File

@ -1,120 +1,120 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2019-01-18T00:00:00",
"ID" : "CVE-2018-13404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "7.6.10"
},
{
"version_affected" : ">=",
"version_value" : "7.7.0"
},
{
"version_affected" : "<",
"version_value" : "7.7.5"
},
{
"version_affected" : ">=",
"version_value" : "7.8.0"
},
{
"version_affected" : "<",
"version_value" : "7.8.5"
},
{
"version_affected" : ">=",
"version_value" : "7.9.0"
},
{
"version_affected" : "<",
"version_value" : "7.9.3"
},
{
"version_affected" : ">=",
"version_value" : "7.10.0"
},
{
"version_affected" : "<",
"version_value" : "7.10.3"
},
{
"version_affected" : ">=",
"version_value" : "7.11.0"
},
{
"version_affected" : "<",
"version_value" : "7.11.3"
},
{
"version_affected" : ">=",
"version_value" : "7.12.0"
},
{
"version_affected" : "<",
"version_value" : "7.12.3"
},
{
"version_affected" : ">=",
"version_value" : "7.13.0"
},
{
"version_affected" : "<",
"version_value" : "7.13.1"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Server-Side Request Forgery (SSRF)"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-18T00:00:00",
"ID": "CVE-2018-13404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "7.6.10"
},
{
"version_affected": ">=",
"version_value": "7.7.0"
},
{
"version_affected": "<",
"version_value": "7.7.5"
},
{
"version_affected": ">=",
"version_value": "7.8.0"
},
{
"version_affected": "<",
"version_value": "7.8.5"
},
{
"version_affected": ">=",
"version_value": "7.9.0"
},
{
"version_affected": "<",
"version_value": "7.9.3"
},
{
"version_affected": ">=",
"version_value": "7.10.0"
},
{
"version_affected": "<",
"version_value": "7.10.3"
},
{
"version_affected": ">=",
"version_value": "7.11.0"
},
{
"version_affected": "<",
"version_value": "7.11.3"
},
{
"version_affected": ">=",
"version_value": "7.12.0"
},
{
"version_affected": "<",
"version_value": "7.12.3"
},
{
"version_affected": ">=",
"version_value": "7.13.0"
},
{
"version_affected": "<",
"version_value": "7.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/JRASERVER-68527",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-68527"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and from version 7.13.0 before version 7.13.1 allows remote attackers who have administrator rights to determine the existence of internal hosts & open ports and in some cases obtain service information from internal network resources via a Server Side Request Forgery (SSRF) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/JRASERVER-68527",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/JRASERVER-68527"
}
]
}
}

34
2018/16xxx/CVE-2018-16544.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16544",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16544",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/16xxx/CVE-2018-16663.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/contiki-ng/contiki-ng/issues/599",
"refsource" : "MISC",
"url" : "https://github.com/contiki-ng/contiki-ng/issues/599"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in parse_relations in os/storage/antelope/aql-parser.c while parsing AQL (storage of relations)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/contiki-ng/contiki-ng/issues/599",
"refsource": "MISC",
"url": "https://github.com/contiki-ng/contiki-ng/issues/599"
}
]
}
}

34
2018/16xxx/CVE-2018-16893.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16893",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16893",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/17xxx/CVE-2018-17344.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17344",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17344",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/17xxx/CVE-2018-17973.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17973",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17973",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

63
2018/20xxx/CVE-2018-20121.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20121",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151333/Podcast-Generator-2.7-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151333/Podcast-Generator-2.7-Cross-Site-Scripting.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Jan/63",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Jan/63"
},
{
"url": "https://github.com/albertobeta/PodcastGenerator/commits/master",
"refsource": "MISC",
"name": "https://github.com/albertobeta/PodcastGenerator/commits/master"
},
{
"refsource": "MISC",
"name": "https://www.netsparker.com/web-applications-advisories/ns-18-051-stored-cross-site-scripting-in-podcastgenerator/",
"url": "https://www.netsparker.com/web-applications-advisories/ns-18-051-stored-cross-site-scripting-in-podcastgenerator/"
}
]
}

120
2018/4xxx/CVE-2018-4041.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2018-4041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Clean My Mac",
"version" : {
"version_data" : [
{
"version_value" : "Clean My Mac X 4.04"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-4041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Clean My Mac",
"version": {
"version_data": [
{
"version_value": "Clean My Mac X 4.04"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0715",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0715"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0715",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0715"
}
]
}
}

34
2018/4xxx/CVE-2018-4528.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4528",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4528",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}