admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:44:06 +00:00
parent 1b433b86cb
commit 0f0a0e5f7d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3623 additions and 3623 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2003/1xxx/CVE-2003-1150.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10088194.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10088194.htm"
},
{
"name" : "8907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8907"
},
{
"name" : "10100",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10100"
},
{
"name" : "novell-portmapper-bo(13564)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13564"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8907"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10088194.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10088194.htm"
},
{
"name": "10100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10100"
},
{
"name": "novell-portmapper-bo(13564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13564"
}
]
}
}

150
2003/1xxx/CVE-2003-1394.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030228 Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/313580"
},
{
"name" : "6995",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6995"
},
{
"name" : "3259",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3259"
},
{
"name" : "coffeecup-password-file-retrieval(11447)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11447"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6995"
},
{
"name": "coffeecup-password-file-retrieval(11447)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11447"
},
{
"name": "20030228 Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/313580"
},
{
"name": "3259",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3259"
}
]
}
}

150
2003/1xxx/CVE-2003-1513.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1513",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031019 Caucho Resin 2.x - Cross Site Scripting",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html"
},
{
"name" : "8852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8852"
},
{
"name" : "10031",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10031"
},
{
"name" : "resin-name-comment-xss(13460)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13460"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10031"
},
{
"name": "resin-name-comment-xss(13460)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13460"
},
{
"name": "20031019 Caucho Resin 2.x - Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html"
},
{
"name": "8852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8852"
}
]
}
}

180
2004/0xxx/CVE-2004-0309.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040219 EEYE: ZoneLabs SMTP Processing Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107722656827427&w=2"
},
{
"name" : "VU#619982",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/619982"
},
{
"name" : "O-084",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-084.shtml"
},
{
"name" : "http://download.zonelabs.com/bin/free/securityAlert/8.html",
"refsource" : "CONFIRM",
"url" : "http://download.zonelabs.com/bin/free/securityAlert/8.html"
},
{
"name" : "zonelabs-multiple-products-bo(14991)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14991"
},
{
"name" : "9696",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9696"
},
{
"name" : "3991",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3991"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3991",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3991"
},
{
"name": "http://download.zonelabs.com/bin/free/securityAlert/8.html",
"refsource": "CONFIRM",
"url": "http://download.zonelabs.com/bin/free/securityAlert/8.html"
},
{
"name": "20040219 EEYE: ZoneLabs SMTP Processing Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107722656827427&w=2"
},
{
"name": "9696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9696"
},
{
"name": "VU#619982",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/619982"
},
{
"name": "O-084",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-084.shtml"
},
{
"name": "zonelabs-multiple-products-bo(14991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14991"
}
]
}
}

140
2004/0xxx/CVE-2004-0382.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0382",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00047.html",
"refsource" : "CONFIRM",
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00047.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name" : "macos-cups-configuration-unknown(15769)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macos-cups-configuration-unknown(15769)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15769"
},
{
"name": "http://lists.apple.com/mhonarc/security-announce/msg00047.html",
"refsource": "CONFIRM",
"url": "http://lists.apple.com/mhonarc/security-announce/msg00047.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=61798",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=61798"
}
]
}
}

190
2004/0xxx/CVE-2004-0693.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-542",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-542"
},
{
"name" : "201610",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201610-1"
},
{
"name" : "SUSE-SA:2004:027",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2004_27_qt3.html"
},
{
"name" : "RHSA-2004:414",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-414.html"
},
{
"name" : "GLSA-200408-20",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200408-20.xml"
},
{
"name" : "MDKSA-2004:085",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:085"
},
{
"name" : "oval:org.mitre.oval:def:10883",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10883"
},
{
"name" : "qt-gif-dos(17042)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17042"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200408-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200408-20.xml"
},
{
"name": "SUSE-SA:2004:027",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_27_qt3.html"
},
{
"name": "RHSA-2004:414",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-414.html"
},
{
"name": "qt-gif-dos(17042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17042"
},
{
"name": "DSA-542",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-542"
},
{
"name": "201610",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201610-1"
},
{
"name": "oval:org.mitre.oval:def:10883",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10883"
},
{
"name": "MDKSA-2004:085",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:085"
}
]
}
}

220
2004/0xxx/CVE-2004-0905.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
},
{
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=250862",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=250862"
},
{
"name" : "FLSA:2089",
"refsource" : "FEDORA",
"url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2"
},
{
"name" : "GLSA-200409-26",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200409-26.xml"
},
{
"name" : "SSRT4826",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=109698896104418&w=2"
},
{
"name" : "SUSE-SA:2004:036",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
},
{
"name" : "TA04-261A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
},
{
"name" : "VU#651928",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/651928"
},
{
"name" : "11177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11177"
},
{
"name" : "oval:org.mitre.oval:def:10378",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378"
},
{
"name" : "mozilla-netscape-sameorigin-bypass(17374)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#651928",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/651928"
},
{
"name": "SUSE-SA:2004:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862",
"refsource": "CONFIRM",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=250862"
},
{
"name": "FLSA:2089",
"refsource": "FEDORA",
"url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2"
},
{
"name": "oval:org.mitre.oval:def:10378",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10378"
},
{
"name": "11177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11177"
},
{
"name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3"
},
{
"name": "GLSA-200409-26",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200409-26.xml"
},
{
"name": "mozilla-netscape-sameorigin-bypass(17374)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17374"
},
{
"name": "TA04-261A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-261A.html"
},
{
"name": "SSRT4826",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=109698896104418&w=2"
}
]
}
}

210
2004/1xxx/CVE-2004-1051.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sudo before 1.6.8p2 allows local users to execute arbitrary commands by using \"()\" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.sudo.ws/sudo/alerts/bash_functions.html",
"refsource" : "CONFIRM",
"url" : "http://www.sudo.ws/sudo/alerts/bash_functions.html"
},
{
"name" : "20041112 Sudo version 1.6.8p2 now available (fwd)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110028877431192&w=2"
},
{
"name" : "APPLE-SA-2005-05-03",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
},
{
"name" : "DSA-596",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-596"
},
{
"name" : "MDKSA-2004:133",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:133"
},
{
"name" : "2004-0061",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2004/0061/"
},
{
"name" : "OpenPKG-SA-2005.002",
"refsource" : "OPENPKG",
"url" : "http://marc.info/?l=bugtraq&m=110598298225675&w=2"
},
{
"name" : "USN-28-1",
"refsource" : "UBUNTU",
"url" : "https://www.ubuntu.com/usn/usn-28-1/"
},
{
"name" : "11668",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11668"
},
{
"name" : "sudo-bash-command-execution(18055)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18055"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo before 1.6.8p2 allows local users to execute arbitrary commands by using \"()\" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-28-1",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/usn-28-1/"
},
{
"name": "http://www.sudo.ws/sudo/alerts/bash_functions.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/bash_functions.html"
},
{
"name": "OpenPKG-SA-2005.002",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq&m=110598298225675&w=2"
},
{
"name": "20041112 Sudo version 1.6.8p2 now available (fwd)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110028877431192&w=2"
},
{
"name": "MDKSA-2004:133",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:133"
},
{
"name": "APPLE-SA-2005-05-03",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
},
{
"name": "11668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11668"
},
{
"name": "DSA-596",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-596"
},
{
"name": "sudo-bash-command-execution(18055)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18055"
},
{
"name": "2004-0061",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0061/"
}
]
}
}

170
2004/1xxx/CVE-2004-1562.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040930 Multiple vulnerabilities in w-agora forum",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109655691512298&w=2"
},
{
"name" : "20040930 Multiple vulnerabilities in w-agora forum",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/027040.html"
},
{
"name" : "11283",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11283"
},
{
"name" : "1011463",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011463"
},
{
"name" : "12695",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12695"
},
{
"name" : "wagora-redirurl-sql-injection(17557)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17557"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wagora-redirurl-sql-injection(17557)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17557"
},
{
"name": "1011463",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011463"
},
{
"name": "12695",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12695"
},
{
"name": "11283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11283"
},
{
"name": "20040930 Multiple vulnerabilities in w-agora forum",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109655691512298&w=2"
},
{
"name": "20040930 Multiple vulnerabilities in w-agora forum",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/027040.html"
}
]
}
}

160
2004/1xxx/CVE-2004-1685.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040915 SMC7004VWBR / SMC7008ABR \"spoofing\" vulnerability.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109526094614160&w=2"
},
{
"name" : "11197",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11197"
},
{
"name" : "10088",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10088"
},
{
"name" : "12601",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12601"
},
{
"name" : "smc-router-security-bypass(17443)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17443"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12601"
},
{
"name": "smc-router-security-bypass(17443)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17443"
},
{
"name": "10088",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10088"
},
{
"name": "11197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11197"
},
{
"name": "20040915 SMC7004VWBR / SMC7008ABR \"spoofing\" vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109526094614160&w=2"
}
]
}
}

170
2004/1xxx/CVE-2004-1761.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00013.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00013.html"
},
{
"name" : "RHSA-2004:136",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-136.html"
},
{
"name" : "VU#695486",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/695486"
},
{
"name" : "oval:org.mitre.oval:def:10013",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10013"
},
{
"name" : "11185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11185"
},
{
"name" : "ethereal-colour-filter-dos(15572)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#695486",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/695486"
},
{
"name": "RHSA-2004:136",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-136.html"
},
{
"name": "11185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11185"
},
{
"name": "ethereal-colour-filter-dos(15572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15572"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00013.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00013.html"
},
{
"name": "oval:org.mitre.oval:def:10013",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10013"
}
]
}
}

140
2004/2xxx/CVE-2004-2178.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2178",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.maxpatrol.com/advdetails.asp?id=11",
"refsource" : "MISC",
"url" : "http://www.maxpatrol.com/advdetails.asp?id=11"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=273104",
"refsource" : "MISC",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=273104"
},
{
"name" : "11428",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11428"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11428"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=273104",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=273104"
},
{
"name": "http://www.maxpatrol.com/advdetails.asp?id=11",
"refsource": "MISC",
"url": "http://www.maxpatrol.com/advdetails.asp?id=11"
}
]
}
}

34
2004/2xxx/CVE-2004-2285.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2285",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2022. Reason: This candidate is a duplicate of CVE-2004-2022. Notes: All CVE users should reference CVE-2004-2022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2004-2285",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2022. Reason: This candidate is a duplicate of CVE-2004-2022. Notes: All CVE users should reference CVE-2004-2022 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

170
2004/2xxx/CVE-2004-2388.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2388",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IY53507",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY53507"
},
{
"name" : "O-102",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-102.shtml"
},
{
"name" : "9835",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9835"
},
{
"name" : "4248",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4248"
},
{
"name" : "11085",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11085"
},
{
"name" : "rexecd-gain-privileges(15455)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15455"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11085"
},
{
"name": "O-102",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-102.shtml"
},
{
"name": "rexecd-gain-privileges(15455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15455"
},
{
"name": "IY53507",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY53507"
},
{
"name": "9835",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9835"
},
{
"name": "4248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4248"
}
]
}
}

180
2004/2xxx/CVE-2004-2434.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with \"::{\" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using \"Save As\" and Internet Explorer prepares an error message with an attacker-controlled format string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040614 Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html"
},
{
"name" : "20040615 RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html"
},
{
"name" : "20040728 Re: Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html"
},
{
"name" : "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html"
},
{
"name" : "8335",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8335"
},
{
"name" : "1010491",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1010491"
},
{
"name" : "ie-null-pointer-dos(16420)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with \"::{\" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using \"Save As\" and Internet Explorer prepares an error message with an attacker-controlled format string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8335",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8335"
},
{
"name": "1010491",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010491"
},
{
"name": "20040615 RE: Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0428.html"
},
{
"name": "20040728 Re: Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1126.html"
},
{
"name": "20040614 Internet Explorer Remote Null Pointer Crash(mshtml.dll)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0397.html"
},
{
"name": "ie-null-pointer-dos(16420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16420"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5IP020KDPU.html"
}
]
}
}

150
2008/2xxx/CVE-2008-2011.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mwrinfosecurity.com/news/1690.html",
"refsource" : "MISC",
"url" : "http://www.mwrinfosecurity.com/news/1690.html"
},
{
"name" : "http://www.mwrinfosecurity.com/publications/mwri_national-rail-enquiries-gadget-advisory_2008-04-24.pdf",
"refsource" : "MISC",
"url" : "http://www.mwrinfosecurity.com/publications/mwri_national-rail-enquiries-gadget-advisory_2008-04-24.pdf"
},
{
"name" : "28933",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28933"
},
{
"name" : "nationalrail-gadget-code-execution(42043)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42043"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the National Rail Enquiries Live Departure Boards gadget before 1.1 allows remote National Rail Enquiries servers or man-in-the-middle attackers to inject arbitrary web script or HTML, and execute arbitrary code, via a response body, as demonstrated by a SCRIPT element that references a vbscript: URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28933"
},
{
"name": "http://www.mwrinfosecurity.com/publications/mwri_national-rail-enquiries-gadget-advisory_2008-04-24.pdf",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/publications/mwri_national-rail-enquiries-gadget-advisory_2008-04-24.pdf"
},
{
"name": "http://www.mwrinfosecurity.com/news/1690.html",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/news/1690.html"
},
{
"name": "nationalrail-gadget-code-execution(42043)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42043"
}
]
}
}

190
2008/2xxx/CVE-2008-2287.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2287",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name" : "HPSBMA02369",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=122167472229965&w=2"
},
{
"name" : "SSRT080115",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=122167472229965&w=2"
},
{
"name" : "29197",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29197"
},
{
"name" : "1020024",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020024"
},
{
"name" : "ADV-2008-1542",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name" : "30261",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30261"
},
{
"name" : "symantec-altiris-install-code-execution(42442)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42442"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 does not properly protect the install directory, which might allow local users to gain privileges by replacing an application component with a Trojan horse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-altiris-install-code-execution(42442)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42442"
},
{
"name": "ADV-2008-1542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1542/references"
},
{
"name": "SSRT080115",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=122167472229965&w=2"
},
{
"name": "HPSBMA02369",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=122167472229965&w=2"
},
{
"name": "29197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29197"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.05.14a.html"
},
{
"name": "1020024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020024"
},
{
"name": "30261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30261"
}
]
}
}

220
2008/2xxx/CVE-2008-2957.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2957",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://crisp.cs.du.edu/?q=ca2007-1",
"refsource" : "MISC",
"url" : "http://crisp.cs.du.edu/?q=ca2007-1"
},
{
"name" : "[oss-security] 20080627 CVE Request (pidgin)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/06/27/3"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm"
},
{
"name" : "MDVSA-2009:025",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025"
},
{
"name" : "RHSA-2008:1023",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-1023.html"
},
{
"name" : "USN-675-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-675-1"
},
{
"name" : "29985",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29985"
},
{
"name" : "oval:org.mitre.oval:def:9076",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076"
},
{
"name" : "oval:org.mitre.oval:def:17599",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599"
},
{
"name" : "33102",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33102"
},
{
"name" : "32859",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32859"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2009:025",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025"
},
{
"name": "29985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29985"
},
{
"name": "oval:org.mitre.oval:def:9076",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9076"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm"
},
{
"name": "33102",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33102"
},
{
"name": "oval:org.mitre.oval:def:17599",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17599"
},
{
"name": "[oss-security] 20080627 CVE Request (pidgin)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/06/27/3"
},
{
"name": "USN-675-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-675-1"
},
{
"name": "32859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32859"
},
{
"name": "http://crisp.cs.du.edu/?q=ca2007-1",
"refsource": "MISC",
"url": "http://crisp.cs.du.edu/?q=ca2007-1"
},
{
"name": "RHSA-2008:1023",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html"
}
]
}
}

130
2008/2xxx/CVE-2008-2980.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5903",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5903"
},
{
"name" : "homephdesign-multiple-scripts-xss(43260)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43260"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5903",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5903"
},
{
"name": "homephdesign-multiple-scripts-xss(43260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43260"
}
]
}
}

140
2008/6xxx/CVE-2008-6167.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6167",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lng parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6821",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6821"
},
{
"name" : "31895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31895"
},
{
"name" : "miniportail-search-file-include(46079)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46079"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lng parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6821",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6821"
},
{
"name": "31895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31895"
},
{
"name": "miniportail-search-file-include(46079)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46079"
}
]
}
}

140
2008/6xxx/CVE-2008-6169.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the \"local translation submission interface.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/324862",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/324862"
},
{
"name" : "32388",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32388"
},
{
"name" : "localization-client-unspecified-csrf(46044)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the Localization client 5.x before 5.x-1.1 and 6.x before 6.x-1.6 and the Localization server 5.x before 5.x-1.0-alpha5 and 6.x before 6.x-alpha2, modules for Drupal, allows remote attackers to perform unauthorized actions as administrators via unspecified vectors related to the \"local translation submission interface.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32388"
},
{
"name": "localization-client-unspecified-csrf(46044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46044"
},
{
"name": "http://drupal.org/node/324862",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/324862"
}
]
}
}

150
2008/6xxx/CVE-2008-6459.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6459",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name" : "31239",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31239"
},
{
"name" : "48272",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/48272"
},
{
"name" : "autobeuser-unspecified-sql-injection(45255)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "autobeuser-unspecified-sql-injection(45255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45255"
},
{
"name": "48272",
"refsource": "OSVDB",
"url": "http://osvdb.org/48272"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name": "31239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31239"
}
]
}
}

170
2008/6xxx/CVE-2008-6544.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html"
},
{
"name" : "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html"
},
{
"name" : "20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html"
},
{
"name" : "28493",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28493"
},
{
"name" : "51301",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51301"
},
{
"name" : "smf-subsgraphics-themes-file-include(41518)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41518"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080328 Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0426.html"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0425.html"
},
{
"name": "smf-subsgraphics-themes-file-include(41518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41518"
},
{
"name": "28493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28493"
},
{
"name": "20080328 Re: Smf 1.1.4 Remote File Inclusion Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-03/0431.html"
},
{
"name": "51301",
"refsource": "OSVDB",
"url": "http://osvdb.org/51301"
}
]
}
}

170
2008/6xxx/CVE-2008-6593.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491064/100/0/threaded"
},
{
"name" : "5452",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5452"
},
{
"name" : "28801",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28801"
},
{
"name" : "44675",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/44675"
},
{
"name" : "29833",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29833"
},
{
"name" : "lightneasy-index-sql-injection(42009)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42009"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28801"
},
{
"name": "20080418 LightNEasy v.1.2.2 flat Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491064/100/0/threaded"
},
{
"name": "44675",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/44675"
},
{
"name": "29833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29833"
},
{
"name": "5452",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5452"
},
{
"name": "lightneasy-index-sql-injection(42009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42009"
}
]
}
}

140
2008/6xxx/CVE-2008-6683.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6956",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6956"
},
{
"name" : "32065",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32065"
},
{
"name" : "apartment-listtest-xss(46282)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apartment-listtest-xss(46282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46282"
},
{
"name": "6956",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6956"
},
{
"name": "32065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32065"
}
]
}
}

150
2012/5xxx/CVE-2012-5287.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5287",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-5287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html"
},
{
"name" : "56376",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56376"
},
{
"name" : "86876",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86876"
},
{
"name" : "adobe-cve20125287-bo(79772)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79772"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than other Flash Player buffer overflow CVEs listed in APSB12-22."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56376"
},
{
"name": "86876",
"refsource": "OSVDB",
"url": "http://osvdb.org/86876"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html"
},
{
"name": "adobe-cve20125287-bo(79772)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79772"
}
]
}
}

150
2012/5xxx/CVE-2012-5332.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5332",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120318 at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0080.html"
},
{
"name" : "52553",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52553"
},
{
"name" : "48460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48460"
},
{
"name" : "at32reverse-proxy-dos(74133)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74133"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long string in an HTTP header field, as demonstrated using the If-Unmodified-Since field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120318 at32 ReverseProxy - Multiple HTTP Header Field Denial Of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0080.html"
},
{
"name": "at32reverse-proxy-dos(74133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74133"
},
{
"name": "52553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52553"
},
{
"name": "48460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48460"
}
]
}
}

160
2012/5xxx/CVE-2012-5339.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186"
},
{
"name" : "openSUSE-SU-2012:1507",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html"
},
{
"name" : "55925",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55925"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55925"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/6ea8fad3f999bfdf79eb6fe31309592bca54d611"
},
{
"name": "openSUSE-SU-2012:1507",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00033.html"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/cfd688d2512df9827a8ecc0412fc264fc5bcb186"
},
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php"
}
]
}
}

34
2012/5xxx/CVE-2012-5420.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5420",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5420",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2017/11xxx/CVE-2017-11069.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00",
"ID" : "CVE-2017-11069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in Core"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-01-02T00:00:00",
"ID": "CVE-2017-11069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-01-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name" : "102413",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102413"
},
{
"name" : "1040106",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "102413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102413"
},
{
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
}
]
}
}

130
2017/11xxx/CVE-2017-11530.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867821",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867821"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/524",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/524"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867821",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867821"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/524",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/524"
}
]
}
}

34
2017/11xxx/CVE-2017-11915.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11915",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11915",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/11xxx/CVE-2017-11968.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11968",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11968",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2017/15xxx/CVE-2017-15595.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43014",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43014/"
},
{
"name" : "[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html"
},
{
"name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"
},
{
"name" : "https://xenbits.xen.org/xsa/advisory-240.html",
"refsource" : "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-240.html"
},
{
"name" : "https://support.citrix.com/article/CTX228867",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX228867"
},
{
"name" : "DSA-4050",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4050"
},
{
"name" : "GLSA-201801-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201801-14"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-240.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-240.html"
},
{
"name": "[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html"
},
{
"name": "DSA-4050",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4050"
},
{
"name": "43014",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43014/"
},
{
"name": "https://support.citrix.com/article/CTX228867",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX228867"
},
{
"name": "GLSA-201801-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-14"
}
]
}
}

130
2017/15xxx/CVE-2017-15615.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
},
{
"name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource" : "MISC",
"url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the lcpechointerval variable in the pptp_client.lua file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource": "MISC",
"url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
},
{
"name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
}
]
}
}

130
2017/15xxx/CVE-2017-15974.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43085",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43085/"
},
{
"name" : "https://packetstormsecurity.com/files/144444/tPanel-2009-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/144444/tPanel-2009-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43085",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43085/"
},
{
"name": "https://packetstormsecurity.com/files/144444/tPanel-2009-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/144444/tPanel-2009-SQL-Injection.html"
}
]
}
}

166
2017/3xxx/CVE-2017-3398.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3398",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Advanced Outbound Telephony",
"version" : {
"version_data" : [
{
"version_value" : "12.1.1"
},
{
"version_value" : "12.1.2"
},
{
"version_value" : "12.1.3"
},
{
"version_value" : "12.2.3"
},
{
"version_value" : "12.2.4"
},
{
"version_value" : "12.2.5"
},
{
"version_value" : "12.2.6"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Outbound Telephony",
"version": {
"version_data": [
{
"version_value": "12.1.1"
},
{
"version_value": "12.1.2"
},
{
"version_value": "12.1.3"
},
{
"version_value": "12.2.3"
},
{
"version_value": "12.2.4"
},
{
"version_value": "12.2.5"
},
{
"version_value": "12.2.6"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95531"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

150
2017/3xxx/CVE-2017-3486.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SQL*Plus",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.2.0.4"
},
{
"version_affected" : "=",
"version_value" : "12.1.0.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the SQL*Plus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where SQL*Plus executes to compromise SQL*Plus. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in SQL*Plus, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of SQL*Plus. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 6.3 with scope Unchanged. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where SQL*Plus executes to compromise SQL*Plus. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in SQL*Plus, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of SQL*Plus."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SQL*Plus",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.2.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "97870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97870"
},
{
"name" : "1038284",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038284"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the SQL*Plus component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where SQL*Plus executes to compromise SQL*Plus. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in SQL*Plus, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of SQL*Plus. Note: This score is for Windows platform version 11.2.0.4 of Database. For Windows platform version 12.1.0.2 and Linux, the score is 6.3 with scope Unchanged. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker having Local Logon privilege with logon to the infrastructure where SQL*Plus executes to compromise SQL*Plus. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in SQL*Plus, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of SQL*Plus."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038284",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038284"
},
{
"name": "97870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97870"
}
]
}
}

34
2017/3xxx/CVE-2017-3683.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3683",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-3683",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2017/8xxx/CVE-2017-8561.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8561",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "Windows kernel"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "Windows kernel"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8561",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8561"
},
{
"name" : "99426",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8561",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8561"
},
{
"name": "99426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99426"
}
]
}
}

140
2017/8xxx/CVE-2017-8805.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"ID" : "CVE-2017-8805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Debian ftpsync before 20171017",
"version" : {
"version_data" : [
{
"version_value" : "Debian ftpsync before 20171017"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "directory traversal"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-8805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Debian ftpsync before 20171017",
"version": {
"version_data": [
{
"version_value": "Debian ftpsync before 20171017"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openwall.com/lists/oss-security/2017/10/17/2",
"refsource" : "CONFIRM",
"url" : "http://www.openwall.com/lists/oss-security/2017/10/17/2"
},
{
"name" : "https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016"
},
{
"name" : "https://lists.debian.org/debian-mirrors/2017/10/msg00017.html",
"refsource" : "CONFIRM",
"url" : "https://lists.debian.org/debian-mirrors/2017/10/msg00017.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2017/10/17/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2017/10/17/2"
},
{
"name": "https://lists.debian.org/debian-mirrors/2017/10/msg00017.html",
"refsource": "CONFIRM",
"url": "https://lists.debian.org/debian-mirrors/2017/10/msg00017.html"
},
{
"name": "https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016"
}
]
}
}

120
2017/8xxx/CVE-2017-8827.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/semplon/GeniXCMS/issues/75",
"refsource" : "MISC",
"url" : "https://github.com/semplon/GeniXCMS/issues/75"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/semplon/GeniXCMS/issues/75",
"refsource": "MISC",
"url": "https://github.com/semplon/GeniXCMS/issues/75"
}
]
}
}

120
2017/8xxx/CVE-2017-8877.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/",
"refsource" : "MISC",
"url" : "https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/",
"refsource": "MISC",
"url": "https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/"
}
]
}
}

34
2018/10xxx/CVE-2018-10435.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10435",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10435",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2018/12xxx/CVE-2018-12015.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180927-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180927-0001/"
},
{
"name" : "DSA-4226",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4226"
},
{
"name" : "USN-3684-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3684-1/"
},
{
"name" : "USN-3684-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3684-2/"
},
{
"name" : "104423",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104423"
},
{
"name" : "1041048",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041048"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104423"
},
{
"name": "1041048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041048"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180927-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180927-0001/"
},
{
"name": "DSA-4226",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4226"
},
{
"name": "USN-3684-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3684-1/"
},
{
"name": "USN-3684-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3684-2/"
}
]
}
}

34
2018/12xxx/CVE-2018-12443.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12443",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12443",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/13xxx/CVE-2018-13698.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Play2LivePromo",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Play2LivePromo"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintTokens function of a smart contract implementation for Play2LivePromo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Play2LivePromo",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Play2LivePromo"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

130
2018/13xxx/CVE-2018-13729.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for JPMD100B, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JPMD100B",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JPMD100B"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for JPMD100B, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JPMD100B",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JPMD100B"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

120
2018/13xxx/CVE-2018-13847.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13847",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/axiomatic-systems/Bento4/issues/283",
"refsource" : "MISC",
"url" : "https://github.com/axiomatic-systems/Bento4/issues/283"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/axiomatic-systems/Bento4/issues/283",
"refsource": "MISC",
"url": "https://github.com/axiomatic-systems/Bento4/issues/283"
}
]
}
}

34
2018/13xxx/CVE-2018-13880.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13880",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13880",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/16xxx/CVE-2018-16176.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Installer of Mapping Tool",
"version" : {
"version_data" : [
{
"version_value" : "2.0.1.6 and 2.0.1.7"
}
]
}
}
]
},
"vendor_name" : "Japan Atomic Energy Agency"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of Mapping Tool",
"version": {
"version_data": [
{
"version_value": "2.0.1.6 and 2.0.1.7"
}
]
}
}
]
},
"vendor_name": "Japan Atomic Energy Agency"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://emdb.jaea.go.jp/emdb/en/mappingtool.html",
"refsource" : "MISC",
"url" : "https://emdb.jaea.go.jp/emdb/en/mappingtool.html"
},
{
"name" : "JVN#33677949",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN33677949/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of Mapping Tool 2.0.1.6 and 2.0.1.7 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#33677949",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN33677949/index.html"
},
{
"name": "https://emdb.jaea.go.jp/emdb/en/mappingtool.html",
"refsource": "MISC",
"url": "https://emdb.jaea.go.jp/emdb/en/mappingtool.html"
}
]
}
}

34
2018/16xxx/CVE-2018-16215.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16215",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16215",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/17xxx/CVE-2018-17097.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03",
"refsource" : "MISC",
"url" : "https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03"
},
{
"name" : "https://gitlab.com/soundtouch/soundtouch/issues/14",
"refsource" : "MISC",
"url" : "https://gitlab.com/soundtouch/soundtouch/issues/14"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/soundtouch/soundtouch/issues/14",
"refsource": "MISC",
"url": "https://gitlab.com/soundtouch/soundtouch/issues/14"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03"
}
]
}
}

140
2018/17xxx/CVE-2018-17298.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=4050b0aafd18346d9a6a06967bfb1170824dab17",
"refsource" : "MISC",
"url" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=4050b0aafd18346d9a6a06967bfb1170824dab17"
},
{
"name" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b87d3b807f39c00371ebaa50f938cb0110113538",
"refsource" : "MISC",
"url" : "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b87d3b807f39c00371ebaa50f938cb0110113538"
},
{
"name" : "https://tuleap.net/plugins/tracker/?aid=12219",
"refsource" : "MISC",
"url" : "https://tuleap.net/plugins/tracker/?aid=12219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Enalean Tuleap before 10.5. Reset password links are not invalidated after a user changes its password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tuleap.net/plugins/tracker/?aid=12219",
"refsource": "MISC",
"url": "https://tuleap.net/plugins/tracker/?aid=12219"
},
{
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b87d3b807f39c00371ebaa50f938cb0110113538",
"refsource": "MISC",
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=b87d3b807f39c00371ebaa50f938cb0110113538"
},
{
"name": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=4050b0aafd18346d9a6a06967bfb1170824dab17",
"refsource": "MISC",
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=4050b0aafd18346d9a6a06967bfb1170824dab17"
}
]
}
}