admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:28:30 +00:00
parent c77dc95204
commit 2a11f957f7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4071 additions and 4071 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
2001/0xxx/CVE-2001-0074.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001223 Technote",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/153007"
},
{
"name" : "2155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2155"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in print.cgi in Technote allows remote attackers to read arbitrary files via a .. (dot dot) attack in the board parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001223 Technote",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/153007"
},
{
"name": "2155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2155"
}
]
}
}

138
2001/0xxx/CVE-2001-0094.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "NetBSD-SA2000-017",
"refsource" : "NETBSD",
"url" : "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc"
},
{
"name" : "FreeBSD-SA-01:25",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:25.kerberosIV.asc"
},
{
"name" : "kerberos4-auth-packet-overflow(5734)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5734"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "NetBSD-SA2000-017",
"refsource": "NETBSD",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc"
},
{
"name": "FreeBSD-SA-01:25",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:25.kerberosIV.asc"
},
{
"name": "kerberos4-auth-packet-overflow(5734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5734"
}
]
}
}

128
2001/0xxx/CVE-2001-0225.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0225",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010207 Infobot 0.44.5.3/below remotely vulnerable (also in FreeBSD ports tree)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0127.html"
},
{
"name" : "2349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2349"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010207 Infobot 0.44.5.3/below remotely vulnerable (also in FreeBSD ports tree)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0127.html"
},
{
"name": "2349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2349"
}
]
}
}

168
2001/0xxx/CVE-2001-0339.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the \"Web page spoofing vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS01-027",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027"
},
{
"name" : "L-087",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/l-087.shtml"
},
{
"name" : "ie-html-url-spoofing(6556)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6556"
},
{
"name" : "2737",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2737"
},
{
"name" : "5694",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5694"
},
{
"name" : "oval:org.mitre.oval:def:1096",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1096"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the \"Web page spoofing vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS01-027",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027"
},
{
"name": "5694",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5694"
},
{
"name": "oval:org.mitre.oval:def:1096",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1096"
},
{
"name": "2737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2737"
},
{
"name": "L-087",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/l-087.shtml"
},
{
"name": "ie-html-url-spoofing(6556)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6556"
}
]
}
}

118
2001/0xxx/CVE-2001-0580.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "200105007 Advisory for Vdns ",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0050.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "200105007 Advisory for Vdns",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0050.html"
}
]
}
}

128
2001/1xxx/CVE-2001-1361.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://twig.screwdriver.net/file.php3?file=CHANGELOG",
"refsource" : "CONFIRM",
"url" : "http://twig.screwdriver.net/file.php3?file=CHANGELOG"
},
{
"name" : "20010719 [VulnWatch] Changelog maddness (14 various broken apps)",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly related to incorrect security rights and/or the generation of mailto links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010719 [VulnWatch] Changelog maddness (14 various broken apps)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html"
},
{
"name": "http://twig.screwdriver.net/file.php3?file=CHANGELOG",
"refsource": "CONFIRM",
"url": "http://twig.screwdriver.net/file.php3?file=CHANGELOG"
}
]
}
}

128
2006/2xxx/CVE-2006-2133.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2133",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/barracuda-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/barracuda-vuln.html"
},
{
"name" : "barracuda-index-sql-injection(26175)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26175"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2006/04/barracuda-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/barracuda-vuln.html"
},
{
"name": "barracuda-index-sql-injection(26175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26175"
}
]
}
}

198
2006/2xxx/CVE-2006-2233.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060503 BankTown's ActiveX Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/432862/100/0/threaded"
},
{
"name" : "20060503 BankTown's ActiveX Buffer Overflow Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0037.html"
},
{
"name" : "20060508 Re: BankTown's ActiveX Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/433242/100/0/threaded"
},
{
"name" : "17815",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17815"
},
{
"name" : "ADV-2006-1638",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1638"
},
{
"name" : "25212",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25212"
},
{
"name" : "19942",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19942"
},
{
"name" : "855",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/855"
},
{
"name" : "banktown-setbannerurl-bo(26214)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26214"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19942",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19942"
},
{
"name": "855",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/855"
},
{
"name": "17815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17815"
},
{
"name": "ADV-2006-1638",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1638"
},
{
"name": "20060503 BankTown's ActiveX Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432862/100/0/threaded"
},
{
"name": "20060503 BankTown's ActiveX Buffer Overflow Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0037.html"
},
{
"name": "20060508 Re: BankTown's ActiveX Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433242/100/0/threaded"
},
{
"name": "25212",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25212"
},
{
"name": "banktown-setbannerurl-bo(26214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26214"
}
]
}
}

718
2006/2xxx/CVE-2006-2686.json
View File

@ -1,362 +1,362 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1829",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1829"
},
{
"name" : "19133",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19133"
},
{
"name" : "ADV-2006-1997",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1997"
},
{
"name" : "27256",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27256"
},
{
"name" : "27257",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27257"
},
{
"name" : "27260",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27260"
},
{
"name" : "27261",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27261"
},
{
"name" : "27262",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27262"
},
{
"name" : "27263",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27263"
},
{
"name" : "27275",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27275"
},
{
"name" : "27282",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27282"
},
{
"name" : "27285",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27285"
},
{
"name" : "27297",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27297"
},
{
"name" : "27298",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27298"
},
{
"name" : "27300",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27300"
},
{
"name" : "27301",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27301"
},
{
"name" : "27302",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27302"
},
{
"name" : "27303",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27303"
},
{
"name" : "27305",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27305"
},
{
"name" : "27310",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27310"
},
{
"name" : "27253",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27253"
},
{
"name" : "27254",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27254"
},
{
"name" : "27258",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27258"
},
{
"name" : "27259",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27259"
},
{
"name" : "27266",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27266"
},
{
"name" : "27267",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27267"
},
{
"name" : "27268",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27268"
},
{
"name" : "27269",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27269"
},
{
"name" : "27272",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27272"
},
{
"name" : "27273",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27273"
},
{
"name" : "27274",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27274"
},
{
"name" : "27276",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27276"
},
{
"name" : "27277",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27277"
},
{
"name" : "27278",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27278"
},
{
"name" : "27279",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27279"
},
{
"name" : "27280",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27280"
},
{
"name" : "27281",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27281"
},
{
"name" : "27283",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27283"
},
{
"name" : "27284",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27284"
},
{
"name" : "27286",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27286"
},
{
"name" : "27287",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27287"
},
{
"name" : "27288",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27288"
},
{
"name" : "27292",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27292"
},
{
"name" : "27293",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27293"
},
{
"name" : "27294",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27294"
},
{
"name" : "27295",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27295"
},
{
"name" : "27296",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27296"
},
{
"name" : "27304",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27304"
},
{
"name" : "27264",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27264"
},
{
"name" : "27265",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27265"
},
{
"name" : "27270",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27270"
},
{
"name" : "27271",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27271"
},
{
"name" : "27289",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27289"
},
{
"name" : "27290",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27290"
},
{
"name" : "27291",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27291"
},
{
"name" : "27299",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27299"
},
{
"name" : "27306",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27306"
},
{
"name" : "27308",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27308"
},
{
"name" : "27309",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/27309"
},
{
"name" : "20299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20299"
},
{
"name" : "actionapps-globals-file-include(26776)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26776"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27308",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27308"
},
{
"name": "27289",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27289"
},
{
"name": "27304",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27304"
},
{
"name": "27269",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27269"
},
{
"name": "27256",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27256"
},
{
"name": "1829",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1829"
},
{
"name": "27275",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27275"
},
{
"name": "27270",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27270"
},
{
"name": "27292",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27292"
},
{
"name": "actionapps-globals-file-include(26776)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26776"
},
{
"name": "ADV-2006-1997",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1997"
},
{
"name": "27305",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27305"
},
{
"name": "27272",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27272"
},
{
"name": "27278",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27278"
},
{
"name": "27294",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27294"
},
{
"name": "27273",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27273"
},
{
"name": "27287",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27287"
},
{
"name": "27274",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27274"
},
{
"name": "27284",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27284"
},
{
"name": "27253",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27253"
},
{
"name": "27276",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27276"
},
{
"name": "27306",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27306"
},
{
"name": "27263",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27263"
},
{
"name": "27298",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27298"
},
{
"name": "27295",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27295"
},
{
"name": "27271",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27271"
},
{
"name": "27288",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27288"
},
{
"name": "27310",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27310"
},
{
"name": "27264",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27264"
},
{
"name": "27262",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27262"
},
{
"name": "27257",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27257"
},
{
"name": "27259",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27259"
},
{
"name": "27280",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27280"
},
{
"name": "20299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20299"
},
{
"name": "27309",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27309"
},
{
"name": "27291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27291"
},
{
"name": "27267",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27267"
},
{
"name": "27281",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27281"
},
{
"name": "27282",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27282"
},
{
"name": "27301",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27301"
},
{
"name": "27254",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27254"
},
{
"name": "27268",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27268"
},
{
"name": "27258",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27258"
},
{
"name": "27299",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27299"
},
{
"name": "27300",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27300"
},
{
"name": "27297",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27297"
},
{
"name": "27285",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27285"
},
{
"name": "27286",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27286"
},
{
"name": "27296",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27296"
},
{
"name": "27303",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27303"
},
{
"name": "27279",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27279"
},
{
"name": "27277",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27277"
},
{
"name": "19133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19133"
},
{
"name": "27283",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27283"
},
{
"name": "27261",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27261"
},
{
"name": "27302",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27302"
},
{
"name": "27260",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27260"
},
{
"name": "27266",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27266"
},
{
"name": "27290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27290"
},
{
"name": "27293",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27293"
},
{
"name": "27265",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27265"
}
]
}
}

118
2006/2xxx/CVE-2006-2846.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18217",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18217"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18217"
}
]
}
}

118
2008/5xxx/CVE-2008-5324.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PK69316",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 2007 before 2007D and 2008 before 2008B allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PK69316",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK69316"
}
]
}
}

158
2008/5xxx/CVE-2008-5572.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7371",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7371"
},
{
"name" : "50547",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/50547"
},
{
"name" : "33030",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33030"
},
{
"name" : "4748",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4748"
},
{
"name" : "pda-downloads-information-disclosure(47148)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47148"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Professional Download Assistant 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for database/downloads.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50547",
"refsource": "OSVDB",
"url": "http://osvdb.org/50547"
},
{
"name": "4748",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4748"
},
{
"name": "7371",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7371"
},
{
"name": "33030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33030"
},
{
"name": "pda-downloads-information-disclosure(47148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47148"
}
]
}
}

158
2008/5xxx/CVE-2008-5647.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://trac.edgewall.org/wiki/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://trac.edgewall.org/wiki/ChangeLog"
},
{
"name" : "32226",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32226"
},
{
"name" : "ADV-2008-3080",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3080"
},
{
"name" : "32652",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32652"
},
{
"name" : "trac-html-sanitizer-phishing(46491)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46491"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trac-html-sanitizer-phishing(46491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46491"
},
{
"name": "32652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32652"
},
{
"name": "ADV-2008-3080",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3080"
},
{
"name": "32226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32226"
},
{
"name": "http://trac.edgewall.org/wiki/ChangeLog",
"refsource": "CONFIRM",
"url": "http://trac.edgewall.org/wiki/ChangeLog"
}
]
}
}

128
2011/2xxx/CVE-2011-2290.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-2290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
},
{
"name" : "TA11-201A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}
}

32
2011/2xxx/CVE-2011-2487.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2487",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2487",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

188
2011/2xxx/CVE-2011-2524.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=653258",
"refsource" : "MISC",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=653258"
},
{
"name" : "http://git.gnome.org/browse/libsoup/tree/NEWS",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/libsoup/tree/NEWS"
},
{
"name" : "DSA-2369",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2369"
},
{
"name" : "FEDORA-2011-9763",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html"
},
{
"name" : "RHSA-2011:1102",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1102.html"
},
{
"name" : "USN-1181-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1181-1"
},
{
"name" : "1025864",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025864"
},
{
"name" : "47299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47299"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47299"
},
{
"name": "http://git.gnome.org/browse/libsoup/tree/NEWS",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/libsoup/tree/NEWS"
},
{
"name": "FEDORA-2011-9763",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html"
},
{
"name": "RHSA-2011:1102",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1102.html"
},
{
"name": "1025864",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025864"
},
{
"name": "DSA-2369",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2369"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=653258",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=653258"
},
{
"name": "USN-1181-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1181-1"
}
]
}
}

218
2011/2xxx/CVE-2011-2797.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=87729",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=87729"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "http://support.apple.com/kb/HT5000",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5000"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name" : "APPLE-SA-2011-10-12-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
},
{
"name" : "74247",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/74247"
},
{
"name" : "oval:org.mitre.oval:def:14437",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14437"
},
{
"name" : "google-chrome-resource-ce(68959)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68959"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "oval:org.mitre.oval:def:14437",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14437"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=87729",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=87729"
},
{
"name": "74247",
"refsource": "OSVDB",
"url": "http://osvdb.org/74247"
},
{
"name": "APPLE-SA-2011-10-12-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT5000",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5000"
},
{
"name": "google-chrome-resource-ce(68959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68959"
}
]
}
}

138
2011/3xxx/CVE-2011-3590.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=716439",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=716439"
},
{
"name" : "RHSA-2011:1532",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2011-1532.html"
},
{
"name" : "RHSA-2012:0152",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0152.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=716439",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=716439"
},
{
"name": "RHSA-2011:1532",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1532.html"
},
{
"name": "RHSA-2012:0152",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0152.html"
}
]
}
}

138
2011/3xxx/CVE-2011-3738.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2",
"refsource" : "MISC",
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Feng Office 1.7.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/fengoffice_1.7.2"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

118
2011/3xxx/CVE-2011-3859.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3859",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sitewat.ch/en/Advisories/17",
"refsource" : "MISC",
"url" : "https://sitewat.ch/en/Advisories/17"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sitewat.ch/en/Advisories/17",
"refsource": "MISC",
"url": "https://sitewat.ch/en/Advisories/17"
}
]
}
}

128
2013/0xxx/CVE-2013-0501.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0501",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21627070",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21627070"
},
{
"name" : "cdm-edrawsoft-activex(82345)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82345"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cdm-edrawsoft-activex(82345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82345"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21627070",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21627070"
}
]
}
}

208
2013/0xxx/CVE-2013-0760.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-0760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=780979",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=780979"
},
{
"name" : "SUSE-SU-2013:0048",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
},
{
"name" : "SUSE-SU-2013:0049",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
},
{
"name" : "openSUSE-SU-2013:0131",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
},
{
"name" : "openSUSE-SU-2013:0149",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
},
{
"name" : "USN-1681-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1681-1"
},
{
"name" : "USN-1681-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1681-2"
},
{
"name" : "USN-1681-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1681-4"
},
{
"name" : "oval:org.mitre.oval:def:17086",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17086"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2013:0048",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
},
{
"name": "openSUSE-SU-2013:0131",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=780979",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=780979"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html"
},
{
"name": "USN-1681-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-4"
},
{
"name": "oval:org.mitre.oval:def:17086",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17086"
},
{
"name": "SUSE-SU-2013:0049",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
},
{
"name": "USN-1681-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-1"
},
{
"name": "openSUSE-SU-2013:0149",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
},
{
"name": "USN-1681-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-2"
}
]
}
}

168
2013/1xxx/CVE-2013-1105.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1105",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name" : "57524",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57524"
},
{
"name" : "89532",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/89532"
},
{
"name" : "1028027",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028027"
},
{
"name" : "51965",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51965"
},
{
"name" : "cisco-wlc-unauth-access(81490)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81490"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "89532",
"refsource": "OSVDB",
"url": "http://osvdb.org/89532"
},
{
"name": "51965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51965"
},
{
"name": "cisco-wlc-unauth-access(81490)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81490"
},
{
"name": "57524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57524"
},
{
"name": "20130123 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc"
},
{
"name": "1028027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028027"
}
]
}
}

128
2013/1xxx/CVE-2013-1135.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote attackers to cause a denial of service (CPU consumption and monitoring outage) via malformed TLS messages to TCP port (1) 9043 or (2) 9443, aka Bug ID CSCuc07155."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130227 Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-hcs"
},
{
"name" : "20130227 Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Issue",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1135"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote attackers to cause a denial of service (CPU consumption and monitoring outage) via malformed TLS messages to TCP port (1) 9043 or (2) 9443, aka Bug ID CSCuc07155."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130227 Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130227-hcs"
},
{
"name": "20130227 Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Issue",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1135"
}
]
}
}

118
2013/1xxx/CVE-2013-1136.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1136",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130510 Cisco ASR Route Processor 2 Dynamic Multipoint Virtual Private Network Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1136"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor crash) by creating multiple tunnels and then examining encryption statistics, aka Bug ID CSCuc52193."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130510 Cisco ASR Route Processor 2 Dynamic Multipoint Virtual Private Network Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1136"
}
]
}
}

218
2013/1xxx/CVE-2013-1665.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
"refsource" : "MLIST",
"url" : "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
},
{
"name" : "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/02/19/2"
},
{
"name" : "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/02/19/4"
},
{
"name" : "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html",
"refsource" : "CONFIRM",
"url" : "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
},
{
"name" : "http://bugs.python.org/issue17239",
"refsource" : "CONFIRM",
"url" : "http://bugs.python.org/issue17239"
},
{
"name" : "https://bugs.launchpad.net/keystone/+bug/1100279",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/keystone/+bug/1100279"
},
{
"name" : "DSA-2634",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2634"
},
{
"name" : "RHSA-2013:0658",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
},
{
"name" : "RHSA-2013:0657",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
},
{
"name" : "RHSA-2013:0670",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
},
{
"name" : "USN-1757-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1757-1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130219 REJECT CVE-2013-0278, CVE-2013-0279 and CVE-2013-0280",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/19/4"
},
{
"name": "[openstack-announce] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"
},
{
"name": "RHSA-2013:0658",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0658.html"
},
{
"name": "[oss-security] 20130219 [OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/19/2"
},
{
"name": "USN-1757-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1757-1"
},
{
"name": "RHSA-2013:0657",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0657.html"
},
{
"name": "DSA-2634",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2634"
},
{
"name": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html",
"refsource": "CONFIRM",
"url": "http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"
},
{
"name": "RHSA-2013:0670",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0670.html"
},
{
"name": "http://bugs.python.org/issue17239",
"refsource": "CONFIRM",
"url": "http://bugs.python.org/issue17239"
},
{
"name": "https://bugs.launchpad.net/keystone/+bug/1100279",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/keystone/+bug/1100279"
}
]
}
}

268
2013/1xxx/CVE-2013-1697.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1697",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-1697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-59.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-59.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=858101",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=858101"
},
{
"name" : "DSA-2716",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2716"
},
{
"name" : "DSA-2720",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2720"
},
{
"name" : "RHSA-2013:0981",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0981.html"
},
{
"name" : "RHSA-2013:0982",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0982.html"
},
{
"name" : "SUSE-SU-2013:1152",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"
},
{
"name" : "SUSE-SU-2013:1153",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"
},
{
"name" : "openSUSE-SU-2013:1140",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"
},
{
"name" : "openSUSE-SU-2013:1141",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"
},
{
"name" : "openSUSE-SU-2013:1142",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"
},
{
"name" : "openSUSE-SU-2013:1143",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"
},
{
"name" : "USN-1890-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1890-1"
},
{
"name" : "USN-1891-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1891-1"
},
{
"name" : "60784",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60784"
},
{
"name" : "oval:org.mitre.oval:def:17243",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17243"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60784"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=858101",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=858101"
},
{
"name": "USN-1890-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1890-1"
},
{
"name": "RHSA-2013:0982",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0982.html"
},
{
"name": "SUSE-SU-2013:1153",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html"
},
{
"name": "SUSE-SU-2013:1152",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html"
},
{
"name": "RHSA-2013:0981",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0981.html"
},
{
"name": "oval:org.mitre.oval:def:17243",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17243"
},
{
"name": "USN-1891-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1891-1"
},
{
"name": "openSUSE-SU-2013:1141",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-59.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-59.html"
},
{
"name": "DSA-2716",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2716"
},
{
"name": "openSUSE-SU-2013:1142",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html"
},
{
"name": "openSUSE-SU-2013:1140",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html"
},
{
"name": "DSA-2720",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2720"
},
{
"name": "openSUSE-SU-2013:1143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html"
}
]
}
}

148
2013/4xxx/CVE-2013-4463.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20131031 [OSSA 2013-029] Potential Nova denial of service through compressed disk images (CVE-2013-4463, CVE-2013-4469)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/10/31/3"
},
{
"name" : "https://bugs.launchpad.net/nova/+bug/1206081",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/nova/+bug/1206081"
},
{
"name" : "RHSA-2014:0112",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0112.html"
},
{
"name" : "USN-2247-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2247-1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/nova/+bug/1206081",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1206081"
},
{
"name": "[oss-security] 20131031 [OSSA 2013-029] Potential Nova denial of service through compressed disk images (CVE-2013-4463, CVE-2013-4469)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/31/3"
},
{
"name": "USN-2247-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2247-1"
},
{
"name": "RHSA-2014:0112",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0112.html"
}
]
}
}

32
2013/4xxx/CVE-2013-4907.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4907",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4907",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2013/5xxx/CVE-2013-5005.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodaylab.com/zdl-advisories/2013-5005.html",
"refsource" : "MISC",
"url" : "http://www.zerodaylab.com/zdl-advisories/2013-5005.html"
},
{
"name" : "65242",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/65242"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodaylab.com/zdl-advisories/2013-5005.html",
"refsource": "MISC",
"url": "http://www.zerodaylab.com/zdl-advisories/2013-5005.html"
},
{
"name": "65242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65242"
}
]
}
}

32
2013/5xxx/CVE-2013-5299.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5299",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5299",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2013/5xxx/CVE-2013-5399.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5399",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5399",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2013/5xxx/CVE-2013-5752.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5752",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5752",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2014/2xxx/CVE-2014-2784.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2014-2784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4051."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2014-2784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS14-051",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name" : "69100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/69100"
},
{
"name" : "1030715",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1030715"
},
{
"name" : "60670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60670"
},
{
"name" : "ms-ie-cve20142784-code-exec(94968)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94968"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2014-4051."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030715",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030715"
},
{
"name": "MS14-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name": "69100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69100"
},
{
"name": "ms-ie-cve20142784-code-exec(94968)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94968"
},
{
"name": "60670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60670"
}
]
}
}

158
2017/0xxx/CVE-2017-0386.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-5.0.2"
},
{
"version_value" : "Android-5.1.1"
},
{
"version_value" : "Android-6.0"
},
{
"version_value" : "Android-6.0.1"
},
{
"version_value" : "Android-7.0"
},
{
"version_value" : "Android-7.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-5.0.2"
},
{
"version_value": "Android-5.1.1"
},
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name" : "95256",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95256"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "95256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95256"
}
]
}
}

144
2017/0xxx/CVE-2017-0524.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2017-0524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Kernel-3.10"
},
{
"version_value" : "Kernel-3.18"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33002026."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Kernel-3.10"
},
{
"version_value": "Kernel-3.18"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name" : "96808",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96808"
},
{
"name" : "1037968",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037968"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33002026."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96808"
}
]
}
}

130
2017/0xxx/CVE-2017-0827.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00",
"ID" : "CVE-2017-0827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-0827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-10-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-10-01"
},
{
"name" : "101120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101120"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-62539960. References: M-ALPS03353876, M-ALPS03353861, M-ALPS03353869, M-ALPS03353867, M-ALPS03353872."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101120"
},
{
"name": "https://source.android.com/security/bulletin/2017-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-10-01"
}
]
}
}

122
2017/1000xxx/CVE-2017-1000053.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.301156",
"ID" : "CVE-2017-1000053",
"REQUESTER" : "griffin.byatt@nccgroup.trust",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Plug",
"version" : {
"version_data" : [
{
"version_value" : "v1.3.1, v1.3.0, v1.2.2, v1.2.1, v1.2.0, v1.1.6, v1.1.5, v1.1.4, v1.1.3, v1.1.2, v1.1.1, v1.1.0, v1.0.3, v1.0.2, v1.0.1, v1.0.0"
}
]
}
}
]
},
"vendor_name" : "Elixir Lang"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure deserialization"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.301156",
"ID": "CVE-2017-1000053",
"REQUESTER": "griffin.byatt@nccgroup.trust",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://elixirforum.com/t/security-releases-for-plug/3913",
"refsource" : "CONFIRM",
"url" : "https://elixirforum.com/t/security-releases-for-plug/3913"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://elixirforum.com/t/security-releases-for-plug/3913",
"refsource": "CONFIRM",
"url": "https://elixirforum.com/t/security-releases-for-plug/3913"
}
]
}
}

32
2017/12xxx/CVE-2017-12382.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12382",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12382",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2017/12xxx/CVE-2017-12445.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20170808 minidjvu multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Aug/15"
},
{
"name" : "100423",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100423"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170808 minidjvu multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/15"
},
{
"name": "100423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100423"
}
]
}
}

128
2017/12xxx/CVE-2017-12646.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities",
"refsource" : "CONFIRM",
"url" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities"
},
{
"name" : "https://github.com/brianchandotcom/liferay-portal/pull/49833",
"refsource" : "CONFIRM",
"url" : "https://github.com/brianchandotcom/liferay-portal/pull/49833"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/brianchandotcom/liferay-portal/pull/49833",
"refsource": "CONFIRM",
"url": "https://github.com/brianchandotcom/liferay-portal/pull/49833"
},
{
"name": "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities",
"refsource": "CONFIRM",
"url": "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities"
}
]
}
}

130
2017/12xxx/CVE-2017-12714.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2017-08-29T00:00:00",
"ID" : "CVE-2017-12714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.",
"version" : {
"version_data" : [
{
"version_value" : "All versions of pacemakers manufactured prior to August 28, 2017"
}
]
}
}
]
},
"vendor_name" : "Abbott Laboratories"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Restriction of power consumption CWE-920"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-29T00:00:00",
"ID": "CVE-2017-12714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.",
"version": {
"version_data": [
{
"version_value": "All versions of pacemakers manufactured prior to August 28, 2017"
}
]
}
}
]
},
"vendor_name": "Abbott Laboratories"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
},
{
"name" : "100523",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100523"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of power consumption CWE-920"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
},
{
"name": "100523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100523"
}
]
}
}

118
2017/12xxx/CVE-2017-12844.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://youtu.be/MI4dhEia1d4",
"refsource" : "MISC",
"url" : "https://youtu.be/MI4dhEia1d4"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://youtu.be/MI4dhEia1d4",
"refsource": "MISC",
"url": "https://youtu.be/MI4dhEia1d4"
}
]
}
}

198
2017/12xxx/CVE-2017-12883.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12883",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\N{U+...}' escape."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1492093",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1492093"
},
{
"name" : "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1",
"refsource" : "CONFIRM",
"url" : "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1"
},
{
"name" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1",
"refsource" : "CONFIRM",
"url" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"name" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1",
"refsource" : "CONFIRM",
"url" : "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"name" : "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch",
"refsource" : "CONFIRM",
"url" : "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch"
},
{
"name" : "https://rt.perl.org/Public/Bug/Display.html?id=131598",
"refsource" : "CONFIRM",
"url" : "https://rt.perl.org/Public/Bug/Display.html?id=131598"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180426-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180426-0001/"
},
{
"name" : "DSA-3982",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3982"
},
{
"name" : "100852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100852"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\N{U+...}' escape."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch",
"refsource": "CONFIRM",
"url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch"
},
{
"name": "DSA-3982",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3982"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093"
},
{
"name": "https://rt.perl.org/Public/Bug/Display.html?id=131598",
"refsource": "CONFIRM",
"url": "https://rt.perl.org/Public/Bug/Display.html?id=131598"
},
{
"name": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1"
},
{
"name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1",
"refsource": "CONFIRM",
"url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1"
},
{
"name": "100852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100852"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180426-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180426-0001/"
}
]
}
}

130
2017/16xxx/CVE-2017-16018.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2017-16018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "restify node module",
"version" : {
"version_data" : [
{
"version_value" : ">=2.0.0 <=4.0.4"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "restify node module",
"version": {
"version_data": [
{
"version_value": ">=2.0.0 <=4.0.4"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/restify/node-restify/issues/1018",
"refsource" : "MISC",
"url" : "https://github.com/restify/node-restify/issues/1018"
},
{
"name" : "https://nodesecurity.io/advisories/314",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/314"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/314",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/314"
},
{
"name": "https://github.com/restify/node-restify/issues/1018",
"refsource": "MISC",
"url": "https://github.com/restify/node-restify/issues/1018"
}
]
}
}

130
2017/16xxx/CVE-2017-16173.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2017-16173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "utahcityfinder node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "utahcityfinder node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/utahcityfinder",
"refsource" : "MISC",
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/utahcityfinder"
},
{
"name" : "https://nodesecurity.io/advisories/467",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/467"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "utahcityfinder constructs lists of Utah cities with a certain prefix. utahcityfinder is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/467",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/467"
},
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/utahcityfinder",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/utahcityfinder"
}
]
}
}

128
2017/16xxx/CVE-2017-16584.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-16584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "8.3.2.25013"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125-Out-of-bounds Read"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2017-16584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "8.3.2.25013"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-895",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-895"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within util.printf. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5290."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125-Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-895",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-895"
}
]
}
}

128
2017/16xxx/CVE-2017-16725.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-16725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Xiongmai Technology IP Cameras and DVRs",
"version" : {
"version_data" : [
{
"version_value" : "Xiongmai Technology IP Cameras and DVRs"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "stack-based buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-16725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Xiongmai Technology IP Cameras and DVRs",
"version": {
"version_data": [
{
"version_value": "Xiongmai Technology IP Cameras and DVRs"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01"
},
{
"name" : "102125",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102125"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Stack-based Buffer Overflow issue was discovered in Xiongmai Technology IP Cameras and DVRs using the NetSurveillance Web interface. The stack-based buffer overflow vulnerability has been identified, which may allow an attacker to execute code remotely or crash the device. After rebooting, the device restores itself to a more vulnerable state in which Telnet is accessible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "stack-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102125"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01"
}
]
}
}

154
2017/16xxx/CVE-2017-16773.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@synology.com",
"DATE_PUBLIC" : "2018-07-05T00:00:00",
"ID" : "CVE-2017-16773",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Universal Search",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "1.0.5-0135"
}
]
}
}
]
},
"vendor_name" : "Synology"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authorization (CWE-285)"
}
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2018-07-05T00:00:00",
"ID": "CVE-2017-16773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Universal Search",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.0.5-0135"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.synology.com/en-global/support/security/Synology_SA_18_27",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/en-global/support/security/Synology_SA_18_27"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization (CWE-285)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_18_27",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_27"
}
]
}
}

32
2017/4xxx/CVE-2017-4217.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4217",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4217",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

32
2017/4xxx/CVE-2017-4339.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4339",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4339",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

32
2017/4xxx/CVE-2017-4388.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4388",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4388",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

32
2017/4xxx/CVE-2017-4632.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4632",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4632",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

448
2018/18xxx/CVE-2018-18809.json
View File

@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2019-03-06T17:00:00.000Z",
"ID" : "CVE-2018-18809",
"STATE" : "PUBLIC",
"TITLE" : "TIBCO JasperReports Library Directory Traversal Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO JasperReports Library",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "6.3.4"
},
{
"affected" : "=",
"version_value" : "6.4.1"
},
{
"affected" : "=",
"version_value" : "6.4.2"
},
{
"affected" : "=",
"version_value" : "6.4.21"
},
{
"affected" : "=",
"version_value" : "7.1.0"
},
{
"affected" : "=",
"version_value" : "7.2.0"
}
]
}
},
{
"product_name" : "TIBCO JasperReports Library Community Edition",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "6.7.0"
}
]
}
},
{
"product_name" : "TIBCO JasperReports Library for ActiveMatrix BPM",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "6.4.21"
}
]
}
},
{
"product_name" : "TIBCO JasperReports Server",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "6.3.4"
},
{
"affected" : "=",
"version_value" : "6.4.0"
},
{
"affected" : "=",
"version_value" : "6.4.1"
},
{
"affected" : "=",
"version_value" : "6.4.2"
},
{
"affected" : "=",
"version_value" : "6.4.3"
},
{
"affected" : "=",
"version_value" : "7.1.0"
}
]
}
},
{
"product_name" : "TIBCO JasperReports Server Community Edition",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "6.4.3"
},
{
"affected" : "=",
"version_value" : "7.1.0"
}
]
}
},
{
"product_name" : "TIBCO JasperReports Server for ActiveMatrix BPM",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "6.4.3"
}
]
}
},
{
"product_name" : "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "7.1.0"
}
]
}
},
{
"product_name" : "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "7.1.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "TIBCO would like to extend its appreciation to Elar Lang of Clarified Security and Sathish Kumar Balakrishnan from Cyber Security Works Pvt Ltd for discovery of this vulnerability.\n"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.9,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems."
}
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-03-06T17:00:00.000Z",
"ID": "CVE-2018-18809",
"STATE": "PUBLIC",
"TITLE": "TIBCO JasperReports Library Directory Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO JasperReports Library",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "6.3.4"
},
{
"affected": "=",
"version_value": "6.4.1"
},
{
"affected": "=",
"version_value": "6.4.2"
},
{
"affected": "=",
"version_value": "6.4.21"
},
{
"affected": "=",
"version_value": "7.1.0"
},
{
"affected": "=",
"version_value": "7.2.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library Community Edition",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "6.7.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Library for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "6.4.21"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "6.3.4"
},
{
"affected": "=",
"version_value": "6.4.0"
},
{
"affected": "=",
"version_value": "6.4.1"
},
{
"affected": "=",
"version_value": "6.4.2"
},
{
"affected": "=",
"version_value": "6.4.3"
},
{
"affected": "=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server Community Edition",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "6.4.3"
},
{
"affected": "=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "6.4.3"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "7.1.0"
}
]
}
},
{
"product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "7.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tibco.com/services/support/advisories",
"refsource" : "MISC",
"url" : "http://www.tibco.com/services/support/advisories"
},
{
"name" : "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809"
},
{
"name" : "107351",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107351"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Library versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Library versions 6.4.1, 6.4.2, and 6.4.21 update to version 6.4.22 or higher\nTIBCO JasperReports Library version 7.1.0 update to version 7.1.1 or higher\nTIBCO JasperReports Library version 7.2.0 update to version 7.2.1 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.7.0 and below update to version 6.7.1 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.21 and below update to version 6.4.22 or higher\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher\n"
}
],
"source" : {
"discovery" : "EXTERNAL"
}
}
},
"credit": [
{
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Elar Lang of Clarified Security and Sathish Kumar Balakrishnan from Cyber Security Works Pvt Ltd for discovery of this vulnerability.\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions up to and including 6.3.4; 6.4.1; 6.4.2; 6.4.21; 7.1.0; 7.2.0, TIBCO JasperReports Library Community Edition: versions up to and including 6.7.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.21, TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.3; 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 7.1.0, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that a web server using the provided DefaultWebResourceHandler could expose details of the host system. The disclosed data could include credentials to access other systems."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809"
},
{
"name": "107351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107351"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Library versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Library versions 6.4.1, 6.4.2, and 6.4.21 update to version 6.4.22 or higher\nTIBCO JasperReports Library version 7.1.0 update to version 7.1.1 or higher\nTIBCO JasperReports Library version 7.2.0 update to version 7.2.1 or higher\n\nTIBCO JasperReports Library Community Edition versions 6.7.0 and below update to version 6.7.1 or higher\n\nTIBCO JasperReports Library for ActiveMatrix BPM versions 6.4.21 and below update to version 6.4.22 or higher\n\nTIBCO JasperReports Server versions 6.3.4 and below update to version 6.3.5 or higher\nTIBCO JasperReports Server versions 6.4.0, 6.4.1, 6.4.2, and 6.4.3 update to version 6.4.4 or higher\nTIBCO JasperReports Server version 7.1.0 update to version 7.1.1 or higher\n\nTIBCO JasperReports Server Community Edition versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.3 and below update to version 6.4.4 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 7.1.0 and below update to version 7.1.1 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 7.1.0 and below update to version 7.1.1 or higher\n"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

32
2018/18xxx/CVE-2018-18900.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18900",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18900",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2018/5xxx/CVE-2018-5287.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5287",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md",
"refsource" : "MISC",
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md"
},
{
"name" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8995",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8995"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GD Rating System plugin 2.3 for WordPress has Directory Traversal in the wp-admin/admin.php panel parameter for the gd-rating-system-about page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8995",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8995"
},
{
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/gd-rating-system.md"
},
{
"name": "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/",
"refsource": "MISC",
"url": "https://wordpress.org/support/topic/xss-lfi-bugs-at-the-latest-version-of-gd-rating-system/"
}
]
}
}

32
2018/5xxx/CVE-2018-5567.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5567",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5567",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2018/5xxx/CVE-2018-5877.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-5877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Calculation of Buffer Size in Boot"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-5877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name" : "105838",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105838"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Calculation of Buffer Size in Boot"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "105838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105838"
}
]
}
}