admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:22:55 +00:00
parent 671ee50f3a
commit 255987e871
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3932 additions and 3932 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/0xxx/CVE-2002-0756.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0756",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
},
{
"name" : "4694",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4694"
},
{
"name" : "webmin-usermin-authpage-css(9036)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9036.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webmin-usermin-authpage-css(9036)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9036.php"
},
{
"name": "4694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4694"
},
{
"name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
}
]
}
}

160
2002/0xxx/CVE-2002-0922.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0922",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html"
},
{
"name" : "cgiscript-csnews-admin-access(9333)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9333.php"
},
{
"name" : "cgiscript-csnews-file-disclosure(9332)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9332.php"
},
{
"name" : "4991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4991"
},
{
"name" : "4993",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4993"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4991"
},
{
"name": "cgiscript-csnews-admin-access(9333)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9333.php"
},
{
"name": "cgiscript-csnews-file-disclosure(9332)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9332.php"
},
{
"name": "4993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4993"
},
{
"name": "20020611 CGIscript.net - csNews.cgi - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0091.html"
}
]
}
}

140
2002/1xxx/CVE-2002-1184.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS02-064",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-064"
},
{
"name" : "win2k-partition-weak-permissions(9779)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9779"
},
{
"name" : "5415",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5415"
},
{
"name": "MS02-064",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-064"
},
{
"name": "win2k-partition-weak-permissions(9779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9779"
}
]
}
}

160
2002/2xxx/CVE-2002-2192.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a \"dir\" request to indexed folders."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021108 LiteServe Directory Index Cross-Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/298987"
},
{
"name" : "20021107 LiteServe Directory Index Cross-Site Scripting",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0063.html"
},
{
"name" : "liteserve-directory-index-xss(10561)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10561.php"
},
{
"name" : "6131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6131"
},
{
"name" : "6143",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6143"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 allows remote attackers to execute arbitrary web script via (1) a Host: header when DNS wildcards are supported or (2) the query string in a \"dir\" request to indexed folders."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6131"
},
{
"name": "20021108 LiteServe Directory Index Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/298987"
},
{
"name": "liteserve-directory-index-xss(10561)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10561.php"
},
{
"name": "6143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6143"
},
{
"name": "20021107 LiteServe Directory Index Cross-Site Scripting",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0063.html"
}
]
}
}

160
2002/2xxx/CVE-2002-2376.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020629 SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0388.html"
},
{
"name" : "5128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5128"
},
{
"name" : "5129",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5129"
},
{
"name" : "eguest-html-xss(9469)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9469.php"
},
{
"name" : "eguest-ssi-command-execution(9470)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9470.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5129"
},
{
"name": "20020629 SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0388.html"
},
{
"name": "eguest-html-xss(9469)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9469.php"
},
{
"name": "5128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5128"
},
{
"name": "eguest-ssi-command-execution(9470)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9470.php"
}
]
}
}

140
2003/0xxx/CVE-2003-0169.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0164.html"
},
{
"name" : "20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104914959705949&w=2"
},
{
"name" : "7246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7246"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0164.html"
},
{
"name": "20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104914959705949&w=2"
},
{
"name": "7246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7246"
}
]
}
}

120
2003/0xxx/CVE-2003-0559.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030710 PHP-Include-Hack-Possibility in phpforum 2 RC-1",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105787021803729&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030710 PHP-Include-Hack-Possibility in phpforum 2 RC-1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105787021803729&w=2"
}
]
}
}

150
2005/1xxx/CVE-2005-1024.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050403 Full path disclosure and XSS in PHPNuke",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111263454308478&w=2"
},
{
"name" : "http://www.securityreason.com/adv/PHPNuke%206.x-7.6-p1.txt",
"refsource" : "MISC",
"url" : "http://www.securityreason.com/adv/PHPNuke%206.x-7.6-p1.txt"
},
{
"name" : "phpnuke-modulesphp-path-disclosure(19953)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19953"
},
{
"name" : "phpnuke-myheadlines-path-disclosure(44980)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44980"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityreason.com/adv/PHPNuke%206.x-7.6-p1.txt",
"refsource": "MISC",
"url": "http://www.securityreason.com/adv/PHPNuke%206.x-7.6-p1.txt"
},
{
"name": "phpnuke-modulesphp-path-disclosure(19953)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19953"
},
{
"name": "20050403 Full path disclosure and XSS in PHPNuke",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111263454308478&w=2"
},
{
"name": "phpnuke-myheadlines-path-disclosure(44980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44980"
}
]
}
}

200
2005/1xxx/CVE-2005-1278.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050426 tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/396932"
},
{
"name" : "FLSA:156139",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/430292/100/0/threaded"
},
{
"name" : "RHSA-2005:417",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-417.html"
},
{
"name" : "RHSA-2005:421",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-421.html"
},
{
"name" : "SCOSA-2005.60",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt"
},
{
"name" : "13392",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13392"
},
{
"name" : "oval:org.mitre.oval:def:10159",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10159"
},
{
"name" : "18146",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18146"
},
{
"name" : "15125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13392"
},
{
"name": "15125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15125"
},
{
"name": "RHSA-2005:421",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-421.html"
},
{
"name": "20050426 tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/396932"
},
{
"name": "RHSA-2005:417",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-417.html"
},
{
"name": "FLSA:156139",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430292/100/0/threaded"
},
{
"name": "SCOSA-2005.60",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt"
},
{
"name": "oval:org.mitre.oval:def:10159",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10159"
},
{
"name": "18146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18146"
}
]
}
}

130
2005/1xxx/CVE-2005-1551.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050509 Viruses can evade Sophos Anti-Virus",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111566827411376&w=2"
},
{
"name" : "sophos-download-virus-undetected(20519)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20519"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050509 Viruses can evade Sophos Anti-Virus",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111566827411376&w=2"
},
{
"name": "sophos-download-virus-undetected(20519)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20519"
}
]
}
}

130
2005/1xxx/CVE-2005-1672.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1672",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050517 Help Center Live Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/398457"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00076-05172005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00076-05172005"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research&article_id=00076-05172005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00076-05172005"
},
{
"name": "20050517 Help Center Live Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/398457"
}
]
}
}

370
2009/1xxx/CVE-2009-1106.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1",
"refsource" : "MISC",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "GLSA-200911-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name" : "HPSBMA02429",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name" : "SSRT090058",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name" : "HPSBUX02429",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124344236532162&w=2"
},
{
"name" : "RHSA-2009:0392",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name" : "RHSA-2009:1038",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
},
{
"name" : "RHSA-2009:1198",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
},
{
"name" : "254611",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
},
{
"name" : "SUSE-SA:2009:016",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name" : "SUSE-SA:2009:036",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
},
{
"name" : "34240",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34240"
},
{
"name" : "oval:org.mitre.oval:def:6619",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619"
},
{
"name" : "1021920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021920"
},
{
"name" : "34496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34496"
},
{
"name" : "35156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35156"
},
{
"name" : "35255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35255"
},
{
"name" : "36185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36185"
},
{
"name" : "37386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37386"
},
{
"name" : "37460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37460"
},
{
"name" : "ADV-2009-1426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name" : "jre-plugin-crossdomain-info-disclosure(49459)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49459"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2009:036",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
},
{
"name": "SSRT090058",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name": "35156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35156"
},
{
"name": "oval:org.mitre.oval:def:6619",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6619"
},
{
"name": "37460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37460"
},
{
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "RHSA-2009:1038",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
},
{
"name": "RHSA-2009:1198",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "HPSBUX02429",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124344236532162&w=2"
},
{
"name": "36185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36185"
},
{
"name": "35255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35255"
},
{
"name": "ADV-2009-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "RHSA-2009:0392",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name": "jre-plugin-crossdomain-info-disclosure(49459)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49459"
},
{
"name": "34240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34240"
},
{
"name": "34496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34496"
},
{
"name": "1021920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021920"
},
{
"name": "HPSBMA02429",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name": "254611",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1",
"refsource": "MISC",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "SUSE-SA:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}

230
2009/1xxx/CVE-2009-1384.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1384",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "[oss-security] 20090527 CVE assignment notification (pam_krb5 CVE-2009-1384)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/05/27/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=502602",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=502602"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "MDVSA-2010:054",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:054"
},
{
"name" : "35112",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35112"
},
{
"name" : "54791",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54791"
},
{
"name" : "oval:org.mitre.oval:def:7081",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081"
},
{
"name" : "oval:org.mitre.oval:def:9652",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652"
},
{
"name" : "35230",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35230"
},
{
"name" : "43314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43314"
},
{
"name" : "ADV-2009-1448",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1448"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35230"
},
{
"name": "oval:org.mitre.oval:def:9652",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9652"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=502602",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=502602"
},
{
"name": "43314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43314"
},
{
"name": "[oss-security] 20090527 CVE assignment notification (pam_krb5 CVE-2009-1384)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/27/1"
},
{
"name": "oval:org.mitre.oval:def:7081",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7081"
},
{
"name": "MDVSA-2010:054",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:054"
},
{
"name": "54791",
"refsource": "OSVDB",
"url": "http://osvdb.org/54791"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "ADV-2009-1448",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1448"
},
{
"name": "35112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35112"
}
]
}
}

140
2009/1xxx/CVE-2009-1480.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090424 Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502933/100/0/threaded"
},
{
"name" : "8533",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8533"
},
{
"name" : "34707",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34707"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8533",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8533"
},
{
"name": "20090424 Pragyan CMS 2.6.4 Multiple SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502933/100/0/threaded"
},
{
"name": "34707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34707"
}
]
}
}

140
2009/1xxx/CVE-2009-1643.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8624",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8624"
},
{
"name" : "34863",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34863"
},
{
"name" : "soritong-m3u-bo(50398)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50398"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8624",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8624"
},
{
"name": "soritong-m3u-bo(50398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50398"
},
{
"name": "34863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34863"
}
]
}
}

190
2009/1xxx/CVE-2009-1978.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-059/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-059/"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name" : "35678",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35678"
},
{
"name" : "55904",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55904"
},
{
"name" : "1022565",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022565"
},
{
"name" : "35776",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35776"
},
{
"name" : "ADV-2009-1900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name" : "oracle-sb-sbc-unspecified(51762)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51762"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35776"
},
{
"name": "55904",
"refsource": "OSVDB",
"url": "http://osvdb.org/55904"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-059/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-059/"
},
{
"name": "ADV-2009-1900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "1022565",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022565"
},
{
"name": "oracle-sb-sbc-unspecified(51762)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51762"
},
{
"name": "35678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35678"
}
]
}
}

180
2012/0xxx/CVE-2012-0038.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120110 Re: CVE request: kernel: xfs heap overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/01/10/11"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=093019cf1b18dd31b2c3b77acce4e000e2cbc9ce",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=093019cf1b18dd31b2c3b77acce4e000e2cbc9ce"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.9",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.9"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=773280",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=773280"
},
{
"name" : "https://github.com/torvalds/linux/commit/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce"
},
{
"name" : "https://github.com/torvalds/linux/commit/fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120110 Re: CVE request: kernel: xfs heap overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/10/11"
},
{
"name": "https://github.com/torvalds/linux/commit/fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=093019cf1b18dd31b2c3b77acce4e000e2cbc9ce",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=093019cf1b18dd31b2c3b77acce4e000e2cbc9ce"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=773280",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=773280"
},
{
"name": "https://github.com/torvalds/linux/commit/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.9",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.9"
}
]
}
}

170
2012/0xxx/CVE-2012-0276.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19337",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/19337"
},
{
"name" : "19338",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/19338"
},
{
"name" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=48",
"refsource" : "MISC",
"url" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=48"
},
{
"name" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=49",
"refsource" : "MISC",
"url" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=49"
},
{
"name" : "http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858",
"refsource" : "CONFIRM",
"url" : "http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858"
},
{
"name" : "48666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48666"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=49",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=49"
},
{
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858",
"refsource": "CONFIRM",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858"
},
{
"name": "48666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48666"
},
{
"name": "19338",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19338"
},
{
"name": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=48",
"refsource": "MISC",
"url": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=48"
},
{
"name": "19337",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19337"
}
]
}
}

34
2012/0xxx/CVE-2012-0877.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0877",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0877",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2012/3xxx/CVE-2012-3123.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3123",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "54517",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54517"
},
{
"name" : "83939",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/83939"
},
{
"name" : "1027274",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027274"
},
{
"name" : "solaris-apachehttpserver-info-disc(77046)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77046"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54517"
},
{
"name": "83939",
"refsource": "OSVDB",
"url": "http://osvdb.org/83939"
},
{
"name": "1027274",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027274"
},
{
"name": "solaris-apachehttpserver-info-disc(77046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77046"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2012/3xxx/CVE-2012-3297.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows remote attackers to inject arbitrary web script or HTML via a crafted URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-3297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=swg21618972",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg21618972"
},
{
"name" : "1027850",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027850"
},
{
"name" : "tivolimonitoring-hmc-xss(77291)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77291"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows remote attackers to inject arbitrary web script or HTML via a crafted URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tivolimonitoring-hmc-xss(77291)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77291"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg21618972",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21618972"
},
{
"name": "1027850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027850"
}
]
}
}

210
2012/3xxx/CVE-2012-3450.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120610 [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2012/Jun/60"
},
{
"name" : "[oss-security] 20120802 CVE Request: php5 pdo array overread/crash",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/02/3"
},
{
"name" : "[oss-security] 20120802 Re: CVE Request: php5 pdo array overread/crash",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/02/7"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=61755",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=61755"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=769785",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=769785"
},
{
"name" : "DSA-2527",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2527"
},
{
"name" : "MDVSA-2012:108",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
},
{
"name" : "SUSE-SU-2012:1033",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
},
{
"name" : "USN-1569-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1569-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120802 Re: CVE Request: php5 pdo array overread/crash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/02/7"
},
{
"name": "DSA-2527",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2527"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "[oss-security] 20120802 CVE Request: php5 pdo array overread/crash",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/02/3"
},
{
"name": "https://bugs.php.net/bug.php?id=61755",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=61755"
},
{
"name": "20120610 [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Jun/60"
},
{
"name": "MDVSA-2012:108",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:108"
},
{
"name": "USN-1569-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1569-1"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=769785",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=769785"
},
{
"name": "SUSE-SU-2012:1033",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00021.html"
}
]
}
}

170
2012/3xxx/CVE-2012-3753.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/118421/Apple-QuickTime-7.7.2-MIME-Type-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/118421/Apple-QuickTime-7.7.2-MIME-Type-Buffer-Overflow.html"
},
{
"name" : "http://support.apple.com/kb/HT5581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5581"
},
{
"name" : "APPLE-SA-2012-11-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html"
},
{
"name" : "oval:org.mitre.oval:def:15947",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15947"
},
{
"name" : "51226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51226"
},
{
"name" : "apple-quicktime-mime-bo(79900)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79900"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51226"
},
{
"name": "APPLE-SA-2012-11-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html"
},
{
"name": "oval:org.mitre.oval:def:15947",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15947"
},
{
"name": "http://packetstormsecurity.com/files/118421/Apple-QuickTime-7.7.2-MIME-Type-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/118421/Apple-QuickTime-7.7.2-MIME-Type-Buffer-Overflow.html"
},
{
"name": "apple-quicktime-mime-bo(79900)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79900"
},
{
"name": "http://support.apple.com/kb/HT5581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5581"
}
]
}
}

130
2012/3xxx/CVE-2012-3881.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120709 CVE-2012-3881 RTG and RTG2: 95.php/rtg.php/view.php SQL injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/07/09/2"
},
{
"name" : "https://code.google.com/p/rtg2/issues/detail?id=35",
"refsource" : "MISC",
"url" : "https://code.google.com/p/rtg2/issues/detail?id=35"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120709 CVE-2012-3881 RTG and RTG2: 95.php/rtg.php/view.php SQL injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/09/2"
},
{
"name": "https://code.google.com/p/rtg2/issues/detail?id=35",
"refsource": "MISC",
"url": "https://code.google.com/p/rtg2/issues/detail?id=35"
}
]
}
}

34
2012/4xxx/CVE-2012-4129.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4129",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-4129",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

140
2012/4xxx/CVE-2012-4250.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4250",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18808",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18808"
},
{
"name" : "53317",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53317"
},
{
"name" : "samsung-netiviewer-activex-bo(75310)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53317"
},
{
"name": "samsung-netiviewer-activex-bo(75310)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75310"
},
{
"name": "18808",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18808"
}
]
}
}

140
2012/4xxx/CVE-2012-4680.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4680",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \\ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.foofus.net/?page_id=616",
"refsource" : "MISC",
"url" : "http://www.foofus.net/?page_id=616"
},
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-258-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-258-01"
},
{
"name" : "50297",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \\ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-258-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-258-01"
},
{
"name": "http://www.foofus.net/?page_id=616",
"refsource": "MISC",
"url": "http://www.foofus.net/?page_id=616"
},
{
"name": "50297",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50297"
}
]
}
}

130
2012/4xxx/CVE-2012-4832.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21623501",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"
},
{
"name" : "ibm-iis-loginpage-password-disclosure(78906)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78906"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 and InfoSphere Business Glossary 8.1.1 and 8.1.2 does not have an off autocomplete attribute for the password field on the login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21623501"
},
{
"name": "ibm-iis-loginpage-password-disclosure(78906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78906"
}
]
}
}

170
2012/6xxx/CVE-2012-6554.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18898",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18898"
},
{
"name" : "http://www.activecollab.com/downloads/category/4/package/62/releases",
"refsource" : "MISC",
"url" : "http://www.activecollab.com/downloads/category/4/package/62/releases"
},
{
"name" : "53624",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53624"
},
{
"name" : "81966",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81966"
},
{
"name" : "49246",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49246"
},
{
"name" : "activecollab-pregreplace-code-exec(75741)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75741"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18898",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18898"
},
{
"name": "activecollab-pregreplace-code-exec(75741)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75741"
},
{
"name": "81966",
"refsource": "OSVDB",
"url": "http://osvdb.org/81966"
},
{
"name": "53624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53624"
},
{
"name": "http://www.activecollab.com/downloads/category/4/package/62/releases",
"refsource": "MISC",
"url": "http://www.activecollab.com/downloads/category/4/package/62/releases"
},
{
"name": "49246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49246"
}
]
}
}

120
2012/6xxx/CVE-2012-6605.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/16",
"refsource" : "CONFIRM",
"url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/16"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 34896."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/16",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/16"
}
]
}
}

34
2017/2xxx/CVE-2017-2052.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2052",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2052",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

120
2017/2xxx/CVE-2017-2233.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Installer of PDF Digital Signature Plugin",
"version" : {
"version_data" : [
{
"version_value" : "(G2.30) and earlier, distributed till June 29, 2017"
}
]
}
}
]
},
"vendor_name" : "The Ministry of Justice"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of PDF Digital Signature Plugin",
"version": {
"version_data": [
{
"version_value": "(G2.30) and earlier, distributed till June 29, 2017"
}
]
}
}
]
},
"vendor_name": "The Ministry of Justice"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#45134765",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN45134765/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of PDF Digital Signature Plugin (G2.30) and earlier, distributed till June 29, 2017 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#45134765",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN45134765/index.html"
}
]
}
}

122
2017/2xxx/CVE-2017-2722.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-2722",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300,TE60,TP3106,ViewPoint 9030,eCNS210_TD,eSpace 7950,eSpace IAD,eSpace U1981",
"version" : {
"version_data" : [
{
"version_value" : "DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30 have an input validation vulnerability.A remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial of service or execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Input Validation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300,TE60,TP3106,ViewPoint 9030,eCNS210_TD,eSpace 7950,eSpace IAD,eSpace U1981",
"version": {
"version_data": [
{
"version_value": "DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-pse-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-pse-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R003C00, V500R002C00 and V600R006C00,TP3106 with software V100R001C06 and V100R002C00,ViewPoint 9030 with software V100R011C02, V100R011C03,eCNS210_TD with software V100R004C10,eSpace 7950 with software V200R003C00 and V200R003C30,eSpace IAD with software V300R001C07SPCa00 and V300R002C01SPCb00,eSpace U1981 with software V100R001C20, V100R001C30, V200R003C00, V200R003C20 and V200R003C30 have an input validation vulnerability.A remote attacker may exploit this vulnerability by crafting a malformed packet and sending it to the device. A successful exploit could allow the attacker to cause a denial of service or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-pse-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170419-01-pse-en"
}
]
}
}

160
2017/2xxx/CVE-2017-2991.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-2991",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 24.0.0.194 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 24.0.0.194 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-2991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 24.0.0.194 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 24.0.0.194 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html"
},
{
"name" : "GLSA-201702-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-20"
},
{
"name" : "RHSA-2017:0275",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0275.html"
},
{
"name" : "96190",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96190"
},
{
"name" : "1037815",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037815"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96190"
},
{
"name": "GLSA-201702-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-20"
},
{
"name": "RHSA-2017:0275",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html"
},
{
"name": "1037815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037815"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html"
}
]
}
}

160
2017/6xxx/CVE-2017-6306.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6306",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openwall.com/lists/oss-security/2017/02/15/4",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/15/4"
},
{
"name" : "https://github.com/Yeraze/ytnef/pull/27",
"refsource" : "MISC",
"url" : "https://github.com/Yeraze/ytnef/pull/27"
},
{
"name" : "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/",
"refsource" : "MISC",
"url" : "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/"
},
{
"name" : "DSA-3846",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3846"
},
{
"name" : "96423",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96423"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96423"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/02/15/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/02/15/4"
},
{
"name": "https://github.com/Yeraze/ytnef/pull/27",
"refsource": "MISC",
"url": "https://github.com/Yeraze/ytnef/pull/27"
},
{
"name": "DSA-3846",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3846"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/"
}
]
}
}

130
2017/6xxx/CVE-2017-6320.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42333",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42333/"
},
{
"name" : "https://campus.barracuda.com/product/loadbalanceradc/article/ADC/ReleaseNotes610003/",
"refsource" : "MISC",
"url" : "https://campus.barracuda.com/product/loadbalanceradc/article/ADC/ReleaseNotes610003/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://campus.barracuda.com/product/loadbalanceradc/article/ADC/ReleaseNotes610003/",
"refsource": "MISC",
"url": "https://campus.barracuda.com/product/loadbalanceradc/article/ADC/ReleaseNotes610003/"
},
{
"name": "42333",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42333/"
}
]
}
}

190
2017/6xxx/CVE-2017-6464.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6464",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.ntp.org/bin/view/Main/NtpBug3389",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/NtpBug3389"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name" : "https://support.apple.com/HT208144",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208144"
},
{
"name" : "FreeBSD-SA-17:03",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name" : "RHSA-2017:3071",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"name" : "RHSA-2018:0855",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"name" : "97050",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97050"
},
{
"name" : "1038123",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038123"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "FreeBSD-SA-17:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "97050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97050"
},
{
"name": "RHSA-2017:3071",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3389",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3389"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "RHSA-2018:0855",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
}
]
}
}

34
2017/6xxx/CVE-2017-6993.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6993",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6993",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/7xxx/CVE-2017-7202.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/slims/slims7_cendana/issues/50",
"refsource" : "CONFIRM",
"url" : "https://github.com/slims/slims7_cendana/issues/50"
},
{
"name" : "97004",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/slims/slims7_cendana/issues/50",
"refsource": "CONFIRM",
"url": "https://github.com/slims/slims7_cendana/issues/50"
},
{
"name": "97004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97004"
}
]
}
}

120
2017/7xxx/CVE-2017-7317.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2017/Jun/45",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Jun/45"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Humax Digital HG100 2.0.6 devices. The attacker can find the root credentials in the backup file, aka GatewaySettings.bin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jun/45",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jun/45"
}
]
}
}

120
2018/10xxx/CVE-2018-10173.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/147244/Digital-Guardian-Management-Console-7.1.2.0015-Shell-Upload.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/147244/Digital-Guardian-Management-Console-7.1.2.0015-Shell-Upload.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/147244/Digital-Guardian-Management-Console-7.1.2.0015-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147244/Digital-Guardian-Management-Console-7.1.2.0015-Shell-Upload.html"
}
]
}
}

150
2018/11xxx/CVE-2018-11453.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"DATE_PUBLIC" : "2018-08-07T00:00:00",
"ID" : "CVE-2018-11453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15",
"version" : {
"version_data" : [
{
"version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions"
},
{
"version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2"
},
{
"version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6"
},
{
"version_value" : "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions < V15 Update 2"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-276: Incorrect Default Permissions"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-08-07T00:00:00",
"ID": "CVE-2018-11453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14, SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15",
"version": {
"version_data": [
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 : All versions"
},
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 : All versions < V13 SP2 Update 2"
},
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 : All versions < V14 SP1 Update 6"
},
{
"version_value": "SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 : All versions < V15 Update 2"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
},
{
"name" : "105115",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105115"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105115"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979106.pdf"
}
]
}
}

34
2018/14xxx/CVE-2018-14022.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14022",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14022",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2018/14xxx/CVE-2018-14353.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
},
{
"name" : "http://www.mutt.org/news.html",
"refsource" : "MISC",
"url" : "http://www.mutt.org/news.html"
},
{
"name" : "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23",
"refsource" : "MISC",
"url" : "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23"
},
{
"name" : "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d",
"refsource" : "MISC",
"url" : "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"
},
{
"name" : "https://neomutt.org/2018/07/16/release",
"refsource" : "MISC",
"url" : "https://neomutt.org/2018/07/16/release"
},
{
"name" : "DSA-4277",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4277"
},
{
"name" : "GLSA-201810-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-07"
},
{
"name" : "USN-3719-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3719-1/"
},
{
"name" : "USN-3719-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3719-3/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3719-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3719-3/"
},
{
"name": "DSA-4277",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4277"
},
{
"name": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d",
"refsource": "MISC",
"url": "https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d"
},
{
"name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
},
{
"name": "GLSA-201810-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-07"
},
{
"name": "http://www.mutt.org/news.html",
"refsource": "MISC",
"url": "http://www.mutt.org/news.html"
},
{
"name": "https://neomutt.org/2018/07/16/release",
"refsource": "MISC",
"url": "https://neomutt.org/2018/07/16/release"
},
{
"name": "USN-3719-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3719-1/"
},
{
"name": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23",
"refsource": "MISC",
"url": "https://github.com/neomutt/neomutt/commit/65d64a5b60a4a3883f2cd799d92c6091d8854f23"
}
]
}
}

120
2018/14xxx/CVE-2018-14441.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/cckevincyh/CompanyWebsite/issues/4",
"refsource" : "MISC",
"url" : "https://github.com/cckevincyh/CompanyWebsite/issues/4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cckevincyh/CompanyWebsite/issues/4",
"refsource": "MISC",
"url": "https://github.com/cckevincyh/CompanyWebsite/issues/4"
}
]
}
}

120
2018/14xxx/CVE-2018-14738.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/cloudwu/pbc/issues/122#issuecomment-407309546",
"refsource" : "MISC",
"url" : "https://github.com/cloudwu/pbc/issues/122#issuecomment-407309546"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cloudwu/pbc/issues/122#issuecomment-407309546",
"refsource": "MISC",
"url": "https://github.com/cloudwu/pbc/issues/122#issuecomment-407309546"
}
]
}
}

120
2018/14xxx/CVE-2018-14910.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms2.md",
"refsource" : "MISC",
"url" : "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms2.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms2.md",
"refsource": "MISC",
"url": "https://github.com/MichaelWayneLIU/seacms/blob/master/seacms2.md"
}
]
}
}

164
2018/15xxx/CVE-2018-15396.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-15396",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Unity Connection File Upload Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Unity Connection ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "4.1",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID": "CVE-2018-15396",
"STATE": "PUBLIC",
"TITLE": "Cisco Unity Connection File Upload Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Unity Connection ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181003 Cisco Unity Connection File Upload Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-unity-dos"
},
{
"name" : "1041782",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041782"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181003-unity-dos",
"defect" : [
[
"CSCvj79033"
]
],
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.1",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041782"
},
{
"name": "20181003 Cisco Unity Connection File Upload Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-unity-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20181003-unity-dos",
"defect": [
[
"CSCvj79033"
]
],
"discovery": "UNKNOWN"
}
}

164
2018/15xxx/CVE-2018-15432.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-15432",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Prime Infrastructure Information Disclosure Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Prime Infrastructure ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "4.3",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID": "CVE-2018-15432",
"STATE": "PUBLIC",
"TITLE": "Cisco Prime Infrastructure Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Prime Infrastructure ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181003 Cisco Prime Infrastructure Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-id"
},
{
"name" : "105563",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105563"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181003-pi-id",
"defect" : [
[
"CSCvg93148"
]
],
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the server backup function of Cisco Prime Infrastructure could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to the transmission of sensitive information as part of a GET request. An attacker could exploit this vulnerability by sending a GET request to a vulnerable device. A successful exploit could allow the attacker to view sensitive information."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181003 Cisco Prime Infrastructure Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-pi-id"
},
{
"name": "105563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105563"
}
]
},
"source": {
"advisory": "cisco-sa-20181003-pi-id",
"defect": [
[
"CSCvg93148"
]
],
"discovery": "UNKNOWN"
}
}

34
2018/15xxx/CVE-2018-15526.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15526",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15526",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/15xxx/CVE-2018-15671.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb",
"refsource" : "MISC",
"url" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb",
"refsource": "MISC",
"url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5#stack-overflow---stackoverflow_h5p__get_cb"
}
]
}
}

150
2018/15xxx/CVE-2018-15751.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[salt-users] 20181024 2017.7.8 Released - Security Advisory",
"refsource" : "MLIST",
"url" : "https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ"
},
{
"name" : "[salt-users] 20181024 2018.3.3 Released - Security Advisory",
"refsource" : "MLIST",
"url" : "https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ"
},
{
"name" : "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html",
"refsource" : "CONFIRM",
"url" : "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html"
},
{
"name" : "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html",
"refsource" : "CONFIRM",
"url" : "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/2017.7/topics/releases/2017.7.8.html"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2018.3.3.html"
},
{
"name": "[salt-users] 20181024 2018.3.3 Released - Security Advisory",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/salt-users/L9xqcJ0UXxs/qgDj42obBQAJ"
},
{
"name": "[salt-users] 20181024 2017.7.8 Released - Security Advisory",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/salt-users/dimVF7rpphY/jn3Xv3MbBQAJ"
}
]
}
}

144
2018/20xxx/CVE-2018-20241.json
View File

@ -1,74 +1,74 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2019-02-15T00:00:00",
"ID" : "CVE-2018-20241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Fisheye and Crucible",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "4.7.0"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-02-15T00:00:00",
"ID": "CVE-2018-20241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fisheye and Crucible",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "4.7.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/CRUC-8380",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/CRUC-8380"
},
{
"name" : "https://jira.atlassian.com/browse/FE-7162",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/FE-7162"
},
{
"name" : "107128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107128"
},
{
"name": "https://jira.atlassian.com/browse/CRUC-8380",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/CRUC-8380"
},
{
"name": "https://jira.atlassian.com/browse/FE-7162",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/FE-7162"
}
]
}
}

34
2018/20xxx/CVE-2018-20586.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20586",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20586",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/20xxx/CVE-2018-20615.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20615",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20615",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/20xxx/CVE-2018-20692.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20692",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20692",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9561.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9561",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9561",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/9xxx/CVE-2018-9850.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Gxlcms QY v1.0.0713, Lib\\Lib\\Action\\Admin\\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-filedelete/index.html",
"refsource" : "MISC",
"url" : "http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-filedelete/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Gxlcms QY v1.0.0713, Lib\\Lib\\Action\\Admin\\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-filedelete/index.html",
"refsource": "MISC",
"url": "http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-filedelete/index.html"
}
]
}
}

130
2018/9xxx/CVE-2018-9861.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md"
},
{
"name" : "https://www.drupal.org/sa-core-2018-003",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/sa-core-2018-003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md",
"refsource": "CONFIRM",
"url": "https://github.com/ckeditor/ckeditor-dev/blob/master/CHANGES.md"
},
{
"name": "https://www.drupal.org/sa-core-2018-003",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/sa-core-2018-003"
}
]
}
}