admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:11:31 +00:00
parent 9e9f7c0185
commit 13c3b83a49
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3948 additions and 3948 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2002/1xxx/CVE-2002-1008.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020626 ALERT: Lil'HTTP Server (Summit Computer Networks)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0332.html"
},
{
"name" : "20020708 Technical Details of Urlcount.cgi Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0072.html"
},
{
"name" : "lilhttp-report-urlcount-xss(9445)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9445.php"
},
{
"name" : "5115",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5115"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil' HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script, which is not filtered when the REPORT capability prints the original request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5115"
},
{
"name": "lilhttp-report-urlcount-xss(9445)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9445.php"
},
{
"name": "20020708 Technical Details of Urlcount.cgi Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0072.html"
},
{
"name": "20020626 ALERT: Lil'HTTP Server (Summit Computer Networks)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0332.html"
}
]
}
}

140
2002/1xxx/CVE-2002-1253.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.idefense.com/advisory/11.01.02.txt",
"refsource" : "MISC",
"url" : "http://www.idefense.com/advisory/11.01.02.txt"
},
{
"name" : "20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html"
},
{
"name" : "abuse-lisp-gain-privileges(11300)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/11300.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.idefense.com/advisory/11.01.02.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/11.01.02.txt"
},
{
"name": "abuse-lisp-gain-privileges(11300)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11300.php"
},
{
"name": "20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html"
}
]
}
}

140
2002/1xxx/CVE-2002-1524.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html"
},
{
"name" : "5832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5832"
},
{
"name" : "winamp-xml-parser-bo(10228)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10228.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html"
},
{
"name": "5832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5832"
},
{
"name": "winamp-xml-parser-bo(10228)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10228.php"
}
]
}
}

170
2003/0xxx/CVE-2003-0035.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/307608/30/26270/threaded"
},
{
"name" : "http://www.idefense.com/advisory/01.21.03.txt",
"refsource" : "MISC",
"url" : "http://www.idefense.com/advisory/01.21.03.txt"
},
{
"name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html"
},
{
"name" : "MDKSA-2003:010",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010"
},
{
"name" : "6658",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6658"
},
{
"name" : "1005959",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1005959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6658"
},
{
"name": "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html"
},
{
"name": "1005959",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1005959"
},
{
"name": "MDKSA-2003:010",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010"
},
{
"name": "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/307608/30/26270/threaded"
},
{
"name": "http://www.idefense.com/advisory/01.21.03.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/01.21.03.txt"
}
]
}
}

220
2003/0xxx/CVE-2003-0098.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0098",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt",
"refsource" : "MISC",
"url" : "http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=137900",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=137900"
},
{
"name" : "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6",
"refsource" : "CONFIRM",
"url" : "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6"
},
{
"name" : "MDKSA-2003:018",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"
},
{
"name" : "SuSE-SA:2003:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"
},
{
"name" : "CSSA-2003-015.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"
},
{
"name" : "DSA-277",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-277"
},
{
"name" : "7200",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7200"
},
{
"name" : "6828",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6828"
},
{
"name" : "1006108",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1006108"
},
{
"name" : "apcupsd-logevent-format-string(11334)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/11334.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=137900",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=137900"
},
{
"name": "1006108",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006108"
},
{
"name": "MDKSA-2003:018",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018"
},
{
"name": "http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt",
"refsource": "MISC",
"url": "http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt"
},
{
"name": "apcupsd-logevent-format-string(11334)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11334.php"
},
{
"name": "7200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7200"
},
{
"name": "SuSE-SA:2003:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html"
},
{
"name": "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6"
},
{
"name": "DSA-277",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-277"
},
{
"name": "6828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6828"
},
{
"name": "CSSA-2003-015.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt"
}
]
}
}

160
2003/0xxx/CVE-2003-0162.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030227 Ecardis Password Reseting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104636153214262&w=2"
},
{
"name" : "20030303 Re: Ecardis Password Reseting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104673407728323&w=2"
},
{
"name" : "DSA-271",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-271"
},
{
"name" : "6971",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6971"
},
{
"name" : "ecartis-password-reset(11431)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-271",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-271"
},
{
"name": "20030227 Ecardis Password Reseting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104636153214262&w=2"
},
{
"name": "ecartis-password-reset(11431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11431"
},
{
"name": "20030303 Re: Ecardis Password Reseting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104673407728323&w=2"
},
{
"name": "6971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6971"
}
]
}
}

120
2003/0xxx/CVE-2003-0381.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-323",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-323",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-323"
}
]
}
}

150
2003/1xxx/CVE-2003-1093.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1093",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1093",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp",
"refsource" : "CONFIRM",
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp"
},
{
"name" : "VU#331937",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/331937"
},
{
"name" : "6586",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6586"
},
{
"name" : "weblogic-error-password-disclosure(11057)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6586"
},
{
"name": "VU#331937",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/331937"
},
{
"name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp",
"refsource": "CONFIRM",
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp"
},
{
"name": "weblogic-error-password-disclosure(11057)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11057"
}
]
}
}

170
2003/1xxx/CVE-2003-1342.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1342",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030114 Assorted Trend Vulns Rev 2.0",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html"
},
{
"name" : "20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html"
},
{
"name" : "6617",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6617"
},
{
"name" : "6185",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6185"
},
{
"name" : "7881",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/7881"
},
{
"name" : "trend-vcs-activesupport-dos(11060)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11060"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7881"
},
{
"name": "trend-vcs-activesupport-dos(11060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11060"
},
{
"name": "6617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6617"
},
{
"name": "6185",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6185"
},
{
"name": "20030114 Assorted Trend Vulns Rev 2.0",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html"
},
{
"name": "20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html"
}
]
}
}

150
2003/1xxx/CVE-2003-1490.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1490",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030424 SonicWall Pro DoS?",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/319712"
},
{
"name" : "7435",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7435"
},
{
"name" : "3291",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3291"
},
{
"name" : "sonicwallpro-http-post-dos(11876)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11876"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3291",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3291"
},
{
"name": "20030424 SonicWall Pro DoS?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/319712"
},
{
"name": "sonicwallpro-http-post-dos(11876)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11876"
},
{
"name": "7435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7435"
}
]
}
}

120
2003/1xxx/CVE-2003-1592.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1"
}
]
}
}

170
2004/2xxx/CVE-2004-2071.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes (\"//\") after the server name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://testzone.secunia.com/advisories/10861",
"refsource" : "MISC",
"url" : "https://testzone.secunia.com/advisories/10861"
},
{
"name" : "9646",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9646"
},
{
"name" : "3926",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3926"
},
{
"name" : "1009030",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009030"
},
{
"name" : "10861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10861"
},
{
"name" : "macallan-gain-unauthorized-access(15194)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15194"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes (\"//\") after the server name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1009030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009030"
},
{
"name": "3926",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3926"
},
{
"name": "macallan-gain-unauthorized-access(15194)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15194"
},
{
"name": "10861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10861"
},
{
"name": "9646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9646"
},
{
"name": "https://testzone.secunia.com/advisories/10861",
"refsource": "MISC",
"url": "https://testzone.secunia.com/advisories/10861"
}
]
}
}

190
2004/2xxx/CVE-2004-2617.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040311 Multiple Vulnerabilities in PWS 0.2.2",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-03/0109.html"
},
{
"name" : "20040314 Re: Multiple Vulnerabilities in PWS 0.2.2",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-03/0136.html"
},
{
"name" : "http://www.autistici.org/fdonato/advisory/pws0.2.2-adv.txt",
"refsource" : "MISC",
"url" : "http://www.autistici.org/fdonato/advisory/pws0.2.2-adv.txt"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=359660",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=359660"
},
{
"name" : "9847",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9847"
},
{
"name" : "4254",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4254"
},
{
"name" : "11122",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11122"
},
{
"name" : "pws-dotdot-directory-traversal(15435)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15435"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pws-dotdot-directory-traversal(15435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15435"
},
{
"name": "http://www.autistici.org/fdonato/advisory/pws0.2.2-adv.txt",
"refsource": "MISC",
"url": "http://www.autistici.org/fdonato/advisory/pws0.2.2-adv.txt"
},
{
"name": "4254",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4254"
},
{
"name": "20040311 Multiple Vulnerabilities in PWS 0.2.2",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0109.html"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=359660",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=359660"
},
{
"name": "9847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9847"
},
{
"name": "20040314 Re: Multiple Vulnerabilities in PWS 0.2.2",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0136.html"
},
{
"name": "11122",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11122"
}
]
}
}

170
2004/2xxx/CVE-2004-2623.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the \"user-controlled filter.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ansuz.sooke.bc.ca/rippy/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://ansuz.sooke.bc.ca/rippy/ChangeLog"
},
{
"name" : "http://freshmeat.net/projects/rippy/?branch_id=30091&release_id=173997",
"refsource" : "CONFIRM",
"url" : "http://freshmeat.net/projects/rippy/?branch_id=30091&release_id=173997"
},
{
"name" : "10481",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10481"
},
{
"name" : "1011582",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011582"
},
{
"name" : "12769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12769"
},
{
"name" : "rippy-aggregator-registerglobals-enabled(17674)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17674"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the \"user-controlled filter.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "rippy-aggregator-registerglobals-enabled(17674)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17674"
},
{
"name": "1011582",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011582"
},
{
"name": "http://ansuz.sooke.bc.ca/rippy/ChangeLog",
"refsource": "CONFIRM",
"url": "http://ansuz.sooke.bc.ca/rippy/ChangeLog"
},
{
"name": "10481",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10481"
},
{
"name": "12769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12769"
},
{
"name": "http://freshmeat.net/projects/rippy/?branch_id=30091&release_id=173997",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/rippy/?branch_id=30091&release_id=173997"
}
]
}
}

370
2008/2xxx/CVE-2008-2050.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name" : "[oss-security] 20080502 CVE Request (PHP)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name" : "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u",
"refsource" : "CONFIRM",
"url" : "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2503",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2503"
},
{
"name" : "APPLE-SA-2008-07-31",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name" : "DSA-1572",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1572"
},
{
"name" : "GLSA-200811-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name" : "MDVSA-2009:022",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
},
{
"name" : "MDVSA-2009:023",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"name" : "SSA:2008-128-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951"
},
{
"name" : "SUSE-SR:2008:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name" : "USN-628-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name" : "29009",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29009"
},
{
"name" : "32746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32746"
},
{
"name" : "ADV-2008-1412",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name" : "ADV-2008-2268",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name" : "30048",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30048"
},
{
"name" : "30345",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30345"
},
{
"name" : "30967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30967"
},
{
"name" : "31200",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31200"
},
{
"name" : "31326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31326"
},
{
"name" : "30083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30083"
},
{
"name" : "30158",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30158"
},
{
"name" : "php-fastcgisapi-bo(42133)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1412",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "32746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32746"
},
{
"name": "30083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30083"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "29009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "DSA-1572",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1572"
},
{
"name": "30345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30345"
},
{
"name": "USN-628-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "php-fastcgisapi-bo(42133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42133"
},
{
"name": "30967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30967"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "30158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30158"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "MDVSA-2009:023",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:023"
},
{
"name": "MDVSA-2009:022",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:022"
},
{
"name": "31200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31200"
},
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u"
},
{
"name": "SSA:2008-128-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951"
},
{
"name": "SUSE-SR:2008:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "https://issues.rpath.com/browse/RPL-2503",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "30048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30048"
}
]
}
}

170
2012/0xxx/CVE-2012-0170.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0170",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"OnReadyStateChange Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-0170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-023",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023"
},
{
"name" : "TA12-101A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
},
{
"name" : "81128",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81128"
},
{
"name" : "oval:org.mitre.oval:def:15573",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15573"
},
{
"name" : "1026901",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026901"
},
{
"name" : "ms-ie-onreadystatechange-code-exec(74381)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74381"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"OnReadyStateChange Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS12-023",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023"
},
{
"name": "1026901",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026901"
},
{
"name": "TA12-101A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
},
{
"name": "81128",
"refsource": "OSVDB",
"url": "http://osvdb.org/81128"
},
{
"name": "oval:org.mitre.oval:def:15573",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15573"
},
{
"name": "ms-ie-onreadystatechange-code-exec(74381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74381"
}
]
}
}

140
2012/0xxx/CVE-2012-0782.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html"
},
{
"name" : "18417",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18417"
},
{
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18417",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18417"
},
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt"
},
{
"name": "20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0150.html"
}
]
}
}

170
2012/1xxx/CVE-2012-1241.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-1241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[ruby-list] 20100619 ANN: ActiveScriptRuby 1.8.7",
"refsource" : "MLIST",
"url" : "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/47170"
},
{
"name" : "JVN#33283707",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN33283707/index.html"
},
{
"name" : "JVNDB-2012-000031",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000031"
},
{
"name" : "53011",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53011"
},
{
"name" : "48811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48811"
},
{
"name" : "activescriptruby-grscript18-code-exec(74866)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74866"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2012-000031",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000031"
},
{
"name": "[ruby-list] 20100619 ANN: ActiveScriptRuby 1.8.7",
"refsource": "MLIST",
"url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-list/47170"
},
{
"name": "53011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53011"
},
{
"name": "48811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48811"
},
{
"name": "activescriptruby-grscript18-code-exec(74866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74866"
},
{
"name": "JVN#33283707",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN33283707/index.html"
}
]
}
}

120
2012/1xxx/CVE-2012-1350.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1350",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-1350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/12_3_8_JED1rn.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/12_3_8_JED1rn.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/12_3_8_JED1rn.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/12_3_8_JED1rn.html"
}
]
}
}

190
2012/1xxx/CVE-2012-1699.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[xorg-announce] 20120724 X.Org security advisory: DoS/info leak in xfs prior to X11R6.7/XFree86\t3.3.3",
"refsource" : "MLIST",
"url" : "http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html"
},
{
"name" : "http://invisible-island.net/ansification/ansify-xfs-cve.html",
"refsource" : "MISC",
"url" : "http://invisible-island.net/ansification/ansify-xfs-cve.html"
},
{
"name" : "http://twitter.com/bsdaemon/status/228958599790071809",
"refsource" : "MISC",
"url" : "http://twitter.com/bsdaemon/status/228958599790071809"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=842841",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=842841"
},
{
"name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of",
"refsource" : "CONFIRM",
"url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of"
},
{
"name" : "HPSBUX02829",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=135765511704334&w=2"
},
{
"name" : "SSRT100883",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=135765511704334&w=2"
},
{
"name" : "oval:org.mitre.oval:def:19369",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19369"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:19369",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19369"
},
{
"name": "http://twitter.com/bsdaemon/status/228958599790071809",
"refsource": "MISC",
"url": "http://twitter.com/bsdaemon/status/228958599790071809"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_1699_denial_of"
},
{
"name": "HPSBUX02829",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=135765511704334&w=2"
},
{
"name": "SSRT100883",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=135765511704334&w=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=842841",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=842841"
},
{
"name": "[xorg-announce] 20120724 X.Org security advisory: DoS/info leak in xfs prior to X11R6.7/XFree86\t3.3.3",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/xorg-announce/2012-July/002040.html"
},
{
"name": "http://invisible-island.net/ansification/ansify-xfs-cve.html",
"refsource": "MISC",
"url": "http://invisible-island.net/ansification/ansify-xfs-cve.html"
}
]
}
}

150
2012/4xxx/CVE-2012-4273.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html"
},
{
"name" : "http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798",
"refsource" : "CONFIRM",
"url" : "http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798"
},
{
"name" : "http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/"
},
{
"name" : "wp2clicksocialmedia-xing-xss(75518)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75518"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798"
},
{
"name": "wp2clicksocialmedia-xing-xss(75518)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75518"
},
{
"name": "http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html"
},
{
"name": "http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/"
}
]
}
}

34
2012/5xxx/CVE-2012-5021.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5021",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5021",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2012/5xxx/CVE-2012-5229.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5229",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/view/109114/wpslideshowgallery-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/view/109114/wpslideshowgallery-xss.txt"
},
{
"name" : "51678",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51678"
},
{
"name" : "wpslideshow-gallerycss-xss(72748)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/view/109114/wpslideshowgallery-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/109114/wpslideshowgallery-xss.txt"
},
{
"name": "wpslideshow-gallerycss-xss(72748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72748"
},
{
"name": "51678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51678"
}
]
}
}

150
2012/5xxx/CVE-2012-5263.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-5263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html"
},
{
"name" : "openSUSE-SU-2013:0370",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html"
},
{
"name" : "86040",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86040"
},
{
"name" : "adobe-cve20125263-code-exec(79084)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0370",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html"
},
{
"name": "86040",
"refsource": "OSVDB",
"url": "http://osvdb.org/86040"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html"
},
{
"name": "adobe-cve20125263-code-exec(79084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79084"
}
]
}
}

160
2017/3xxx/CVE-2017-3122.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-3122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Acrobat Reader",
"version" : {
"version_data" : [
{
"version_value" : "2017.009.20058 and earlier"
},
{
"version_value" : "2017.008.30051 and earlier"
},
{
"version_value" : "2015.006.30306 and earlier"
},
{
"version_value" : "11.0.20 and earlier"
}
]
}
}
]
},
"vendor_name" : "Adobe Systems Incorporated"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-3122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acrobat Reader",
"version": {
"version_data": [
{
"version_value": "2017.009.20058 and earlier"
},
{
"version_value": "2017.008.30051 and earlier"
},
{
"version_value": "2015.006.30306 and earlier"
},
{
"version_value": "11.0.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Adobe Systems Incorporated"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name" : "100184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100184"
},
{
"name" : "1039098",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100184"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
}
]
}
}

132
2017/3xxx/CVE-2017-3160.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2017-01-27T00:00:00",
"ID" : "CVE-2017-3160",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Cordova Android",
"version" : {
"version_data" : [
{
"version_value" : "Apache Cordova 6.1.0 and below"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Man-in-the-Middle vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-01-27T00:00:00",
"ID": "CVE-2017-3160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Cordova Android",
"version": {
"version_data": [
{
"version_value": "Apache Cordova 6.1.0 and below"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cordova.apache.org/announcements/2017/01/27/android-612.html",
"refsource" : "MISC",
"url" : "https://cordova.apache.org/announcements/2017/01/27/android-612.html"
},
{
"name" : "95838",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95838"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity of this issue is high due to the fact that the build scripts immediately start a build after Gradle has been fetched. Developers who are concerned about this issue should install version 6.1.2 or higher of Cordova-Android. If developers are unable to install the latest version, this vulnerability can easily be mitigated by setting the CORDOVA_ANDROID_GRADLE_DISTRIBUTION_URL environment variable to https://services.gradle.org/distributions/gradle-2.14.1-all.zip"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Man-in-the-Middle vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cordova.apache.org/announcements/2017/01/27/android-612.html",
"refsource": "MISC",
"url": "https://cordova.apache.org/announcements/2017/01/27/android-612.html"
},
{
"name": "95838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95838"
}
]
}
}

140
2017/3xxx/CVE-2017-3213.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Think Mutual Bank Mobile Banking",
"version" : {
"version_data" : [
{
"version_value" : "Think Mutual Bank Mobile Banking"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "lack of X.509 certificate validation"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Think Mutual Bank Mobile Banking",
"version": {
"version_data": [
{
"version_value": "Think Mutual Bank Mobile Banking"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/276408",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/276408"
},
{
"name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource" : "MISC",
"url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
},
{
"name" : "98308",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "lack of X.509 certificate validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
},
{
"name": "98308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98308"
},
{
"name": "http://www.kb.cert.org/vuls/id/276408",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/276408"
}
]
}
}

34
2017/3xxx/CVE-2017-3624.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3624",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-3624",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2017/3xxx/CVE-2017-3768.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"DATE_PUBLIC" : "2018-01-25T00:00:00",
"ID" : "CVE-2017-3768",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Integrated Management Module 2 (IMM2)",
"version" : {
"version_data" : [
{
"version_value" : "Earlier than 4.4 for Lenovo System x"
},
{
"version_value" : "Earlier than 6.4 for IBM System x"
}
]
}
}
]
},
"vendor_name" : "Lenovo Group Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2018-01-25T00:00:00",
"ID": "CVE-2017-3768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integrated Management Module 2 (IMM2)",
"version": {
"version_data": [
{
"version_value": "Earlier than 4.4 for Lenovo System x"
},
{
"version_value": "Earlier than 6.4 for IBM System x"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.lenovo.com/us/en/product_security/LEN-14450",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/product_security/LEN-14450"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). Flooding the IMM2 with a high volume of authentication failures via the Common Information Model (CIM) used by LXCA and OneCLI and other tools can exhaust available system memory which can cause the IMM2 to reboot itself until the requests cease."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-14450",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-14450"
}
]
}
}

34
2017/3xxx/CVE-2017-3942.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3942",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3942",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

140
2017/6xxx/CVE-2017-6052.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-6052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Hyundai Motor America Blue Link",
"version" : {
"version_data" : [
{
"version_value" : "Hyundai Motor America Blue Link"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-300"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hyundai Motor America Blue Link",
"version": {
"version_data": [
{
"version_value": "Hyundai Motor America Blue Link"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
"refsource" : "MISC",
"url" : "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name" : "98033",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98033"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98033"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
]
}
}

130
2017/6xxx/CVE-2017-6715.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Firepower Management Center",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Firepower Management Center"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Management Center",
"version": {
"version_data": [
{
"version_value": "Cisco Firepower Management Center"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc1"
},
{
"name" : "99209",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99209"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More Information: CSCuy88951. Known Affected Releases: 5.4.1.6."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99209"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc1"
}
]
}
}

160
2017/6xxx/CVE-2017-6998.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-6998",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"AVEVideoEncoder\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-6998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42555",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42555/"
},
{
"name" : "https://support.apple.com/HT207798",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207798"
},
{
"name" : "https://support.apple.com/HT207800",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207800"
},
{
"name" : "https://support.apple.com/HT207801",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207801"
},
{
"name" : "98571",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98571"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"AVEVideoEncoder\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207800",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207800"
},
{
"name": "42555",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42555/"
},
{
"name": "98571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98571"
},
{
"name": "https://support.apple.com/HT207798",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207798"
},
{
"name": "https://support.apple.com/HT207801",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207801"
}
]
}
}

120
2017/7xxx/CVE-2017-7461.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41829",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41829/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41829",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41829/"
}
]
}
}

220
2017/7xxx/CVE-2017-7558.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-7558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "kernel",
"version" : {
"version_data" : [
{
"version_value" : "4.7-rc1 through 4.13"
}
]
}
}
]
},
"vendor_name" : "Linux"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.1/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "4.7-rc1 through 4.13"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-netdev] 20170823 [PATCH net] sctp: Avoid out-of-bounds reads from address storage",
"refsource" : "MLIST",
"url" : "https://marc.info/?l=linux-netdev&m=150348777122761&w=2"
},
{
"name" : "[oss-security] 20170823 CVE-2017-7558: Linux kernel: sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2017/q3/338"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558"
},
{
"name" : "DSA-3981",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3981"
},
{
"name" : "RHSA-2017:2918",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2918"
},
{
"name" : "RHSA-2017:2930",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2930"
},
{
"name" : "RHSA-2017:2931",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2931"
},
{
"name" : "100466",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100466"
},
{
"name" : "1039221",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039221"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.1/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[linux-netdev] 20170823 [PATCH net] sctp: Avoid out-of-bounds reads from address storage",
"refsource": "MLIST",
"url": "https://marc.info/?l=linux-netdev&m=150348777122761&w=2"
},
{
"name": "RHSA-2017:2918",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2918"
},
{
"name": "RHSA-2017:2931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2931"
},
{
"name": "100466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100466"
},
{
"name": "[oss-security] 20170823 CVE-2017-7558: Linux kernel: sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q3/338"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558"
},
{
"name": "1039221",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039221"
},
{
"name": "DSA-3981",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3981"
},
{
"name": "RHSA-2017:2930",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2930"
}
]
}
}

150
2017/7xxx/CVE-2017-7600.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibTIFF 4.0.7 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
},
{
"name" : "DSA-3844",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3844"
},
{
"name" : "GLSA-201709-27",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-27"
},
{
"name" : "USN-3602-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3602-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibTIFF 4.0.7 has an \"outside the range of representable values of type unsigned char\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
},
{
"name": "DSA-3844",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3844"
},
{
"name": "GLSA-201709-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-27"
},
{
"name": "USN-3602-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3602-1/"
}
]
}
}

120
2017/7xxx/CVE-2017-7879.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/flatCore/flatCore-CMS/issues/28",
"refsource" : "CONFIRM",
"url" : "https://github.com/flatCore/flatCore-CMS/issues/28"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/flatCore/flatCore-CMS/issues/28",
"refsource": "CONFIRM",
"url": "https://github.com/flatCore/flatCore-CMS/issues/28"
}
]
}
}

122
2017/8xxx/CVE-2017-8180.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8180",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nice-AL00",
"version" : {
"version_data" : [
{
"version_value" : "Versions earlier than Nice-AL00C00B155"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nice-AL00",
"version": {
"version_data": [
{
"version_value": "Versions earlier than Nice-AL00C00B155"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious application which has special privilege and sends a specific parameter to the driver of the smart phone, causing privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170919-01-mtk-en"
}
]
}
}

140
2017/8xxx/CVE-2017-8294.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e",
"refsource" : "CONFIRM",
"url" : "https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e"
},
{
"name" : "https://github.com/VirusTotal/yara/issues/646",
"refsource" : "CONFIRM",
"url" : "https://github.com/VirusTotal/yara/issues/646"
},
{
"name" : "98072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98072"
},
{
"name": "https://github.com/VirusTotal/yara/issues/646",
"refsource": "CONFIRM",
"url": "https://github.com/VirusTotal/yara/issues/646"
},
{
"name": "https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e",
"refsource": "CONFIRM",
"url": "https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e"
}
]
}
}

130
2018/10xxx/CVE-2018-10568.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180501 XSS in Flexense DiskSorter, affects all versions",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/9"
},
{
"name" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource" : "MISC",
"url" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180501 XSS in Flexense DiskSorter, affects all versions",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/9"
},
{
"name": "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions",
"refsource": "MISC",
"url": "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions"
}
]
}
}

140
2018/10xxx/CVE-2018-10767.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10767",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10767",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1575188",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1575188"
},
{
"name" : "RHSA-2018:3140",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"name" : "RHSA-2018:3505",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1575188",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575188"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "RHSA-2018:3140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
}
]
}
}

120
2018/10xxx/CVE-2018-10776.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/document/d/1gkHfRWO9f-FTBhZ3ZT3RMZZ_JbJ18ZIkH2GlVTV35cQ/edit",
"refsource" : "MISC",
"url" : "https://docs.google.com/document/d/1gkHfRWO9f-FTBhZ3ZT3RMZZ_JbJ18ZIkH2GlVTV35cQ/edit"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.google.com/document/d/1gkHfRWO9f-FTBhZ3ZT3RMZZ_JbJ18ZIkH2GlVTV35cQ/edit",
"refsource": "MISC",
"url": "https://docs.google.com/document/d/1gkHfRWO9f-FTBhZ3ZT3RMZZ_JbJ18ZIkH2GlVTV35cQ/edit"
}
]
}
}

130
2018/13xxx/CVE-2018-13661.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for APP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/APP",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/APP"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for APP, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/APP",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/APP"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

130
2018/13xxx/CVE-2018-13693.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenEnergyToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenEnergyToken"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for GreenEnergyToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenEnergyToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GreenEnergyToken"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

120
2018/17xxx/CVE-2018-17090.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.safecomp.com/blog/donlinkage.html",
"refsource" : "MISC",
"url" : "http://www.safecomp.com/blog/donlinkage.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.safecomp.com/blog/donlinkage.html",
"refsource": "MISC",
"url": "http://www.safecomp.com/blog/donlinkage.html"
}
]
}
}

120
2018/17xxx/CVE-2018-17414.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/seedis/zzcms/blob/master/SQL%20injection.md",
"refsource" : "MISC",
"url" : "https://github.com/seedis/zzcms/blob/master/SQL%20injection.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/seedis/zzcms/blob/master/SQL%20injection.md",
"refsource": "MISC",
"url": "https://github.com/seedis/zzcms/blob/master/SQL%20injection.md"
}
]
}
}

120
2018/17xxx/CVE-2018-17594.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/149593/Airties-AIR5442-1.0.0.18-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149593/Airties-AIR5442-1.0.0.18-Cross-Site-Scripting.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/149593/Airties-AIR5442-1.0.0.18-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149593/Airties-AIR5442-1.0.0.18-Cross-Site-Scripting.html"
}
]
}
}

120
2018/17xxx/CVE-2018-17610.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "MISC",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

132
2018/17xxx/CVE-2018-17888.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-10-11T00:00:00",
"ID" : "CVE-2018-17888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NUUO CMS",
"version" : {
"version_data" : [
{
"version_value" : "All versions 3.1 and prior"
}
]
}
}
]
},
"vendor_name" : "NUUO"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "USE OF INSUFFICIENTLY RANDOM VALUES CWE-330"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-11T00:00:00",
"ID": "CVE-2018-17888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NUUO CMS",
"version": {
"version_data": [
{
"version_value": "All versions 3.1 and prior"
}
]
}
}
]
},
"vendor_name": "NUUO"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
},
{
"name" : "105717",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105717"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF INSUFFICIENTLY RANDOM VALUES CWE-330"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105717"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02"
}
]
}
}

34
2018/17xxx/CVE-2018-17932.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17932",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17932",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/20xxx/CVE-2018-20060.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649153",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649153"
},
{
"name" : "https://github.com/urllib3/urllib3/blob/master/CHANGES.rst",
"refsource" : "MISC",
"url" : "https://github.com/urllib3/urllib3/blob/master/CHANGES.rst"
},
{
"name" : "https://github.com/urllib3/urllib3/issues/1316",
"refsource" : "MISC",
"url" : "https://github.com/urllib3/urllib3/issues/1316"
},
{
"name" : "https://github.com/urllib3/urllib3/pull/1346",
"refsource" : "MISC",
"url" : "https://github.com/urllib3/urllib3/pull/1346"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/urllib3/urllib3/issues/1316",
"refsource": "MISC",
"url": "https://github.com/urllib3/urllib3/issues/1316"
},
{
"name": "https://github.com/urllib3/urllib3/pull/1346",
"refsource": "MISC",
"url": "https://github.com/urllib3/urllib3/pull/1346"
},
{
"name": "https://github.com/urllib3/urllib3/blob/master/CHANGES.rst",
"refsource": "MISC",
"url": "https://github.com/urllib3/urllib3/blob/master/CHANGES.rst"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1649153",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649153"
}
]
}
}

150
2018/20xxx/CVE-2018-20232.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2019-01-25T00:00:00",
"ID" : "CVE-2018-20232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jira",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "7.6.11"
},
{
"version_affected" : ">",
"version_value" : "7.7.0"
},
{
"version_affected" : "<",
"version_value" : "7.13.1"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-25T00:00:00",
"ID": "CVE-2018-20232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Jira",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "7.6.11"
},
{
"version_affected": ">",
"version_value": "7.7.0"
},
{
"version_affected": "<",
"version_value": "7.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/JRASERVER-68614",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/JRASERVER-68614"
},
{
"name" : "107023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The labels widget gadget in Atlassian Jira before version 7.6.11 and from version 7.7.0 before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the rendering of retrieved content from a url location that could be manipulated by the up_projectid widget preference setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/JRASERVER-68614",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/JRASERVER-68614"
},
{
"name": "107023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107023"
}
]
}
}

130
2018/20xxx/CVE-2018-20339.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
"refsource" : "MISC",
"url" : "https://www.manageengine.com/network-monitoring/help/read-me.html"
},
{
"name" : "106302",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106302"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/network-monitoring/help/read-me.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/network-monitoring/help/read-me.html"
},
{
"name": "106302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106302"
}
]
}
}

130
2018/20xxx/CVE-2018-20717.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20717",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.ripstech.com/2018/prestashop-remote-code-execution/",
"refsource" : "MISC",
"url" : "https://blog.ripstech.com/2018/prestashop-remote-code-execution/"
},
{
"name" : "https://build.prestashop.com/news/prestashop-1-7-2-5-maintenance-release/",
"refsource" : "MISC",
"url" : "https://build.prestashop.com/news/prestashop-1-7-2-5-maintenance-release/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.ripstech.com/2018/prestashop-remote-code-execution/",
"refsource": "MISC",
"url": "https://blog.ripstech.com/2018/prestashop-remote-code-execution/"
},
{
"name": "https://build.prestashop.com/news/prestashop-1-7-2-5-maintenance-release/",
"refsource": "MISC",
"url": "https://build.prestashop.com/news/prestashop-1-7-2-5-maintenance-release/"
}
]
}
}

120
2018/9xxx/CVE-2018-9309.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/lihonghuyang/vulnerability/blob/master/dl_sendsms.php.md",
"refsource" : "MISC",
"url" : "https://github.com/lihonghuyang/vulnerability/blob/master/dl_sendsms.php.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/lihonghuyang/vulnerability/blob/master/dl_sendsms.php.md",
"refsource": "MISC",
"url": "https://github.com/lihonghuyang/vulnerability/blob/master/dl_sendsms.php.md"
}
]
}
}

34
2018/9xxx/CVE-2018-9596.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9596",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9596",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9654.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9654",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9654",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9708.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9708",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9708",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9891.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9891",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9891",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}