admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:57:46 +00:00
parent a725bc3074
commit 3026b2b075
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4251 additions and 4167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2003/1xxx/CVE-2003-1203.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030318 Some XSS vulns",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html"
},
{
"name" : "7135",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7135"
},
{
"name" : "mambo-option-index-xss(11601)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030318 Some XSS vulns",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html"
},
{
"name": "7135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7135"
},
{
"name": "mambo-option-index-xss(11601)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601"
}
]
}
}

130
2003/1xxx/CVE-2003-1588.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "201460",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201460-1"
},
{
"name" : "suncluster-haoracle-information-disclosure(56617)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56617"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "201460",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201460-1"
},
{
"name": "suncluster-haoracle-information-disclosure(56617)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56617"
}
]
}
}

190
2004/0xxx/CVE-2004-0129.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107582619125932&w=2"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=350228",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=350228"
},
{
"name" : "http://www.phpmyadmin.net/home_page/relnotes.php?rel=0",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/relnotes.php?rel=0"
},
{
"name" : "GLSA-200402-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200402-05.xml"
},
{
"name" : "9564",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9564"
},
{
"name" : "3800",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3800"
},
{
"name" : "10769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10769"
},
{
"name" : "phpmyadmin-dotdot-directory-traversal(15021)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phpmyadmin.net/home_page/relnotes.php?rel=0",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/relnotes.php?rel=0"
},
{
"name": "phpmyadmin-dotdot-directory-traversal(15021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15021"
},
{
"name": "GLSA-200402-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200402-05.xml"
},
{
"name": "10769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10769"
},
{
"name": "3800",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3800"
},
{
"name": "20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107582619125932&w=2"
},
{
"name": "9564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9564"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=350228",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=350228"
}
]
}
}

160
2004/0xxx/CVE-2004-0190.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107694794031839&w=2"
},
{
"name" : "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html"
},
{
"name" : "9784",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9784"
},
{
"name" : "4117",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4117"
},
{
"name" : "symantec-firewallvpn-password-plaintext(15212)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-firewallvpn-password-plaintext(15212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15212"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107694794031839&w=2"
},
{
"name": "9784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9784"
},
{
"name": "4117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4117"
},
{
"name": "20040216 Symantec FireWall/VPN Appliance model 200 leak of security",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html"
}
]
}
}

170
2004/0xxx/CVE-2004-0238.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0238",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040202 0verkill - little simple vulnerability.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107577335424509&w=2"
},
{
"name" : "20040202 0verkill - little simple vulnerability.",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016579.html"
},
{
"name" : "http://www.securiteam.com/securitynews/5AP010KC0C.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/securitynews/5AP010KC0C.html"
},
{
"name" : "9550",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9550"
},
{
"name" : "overkill-client-multiple-bo(14999)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14999"
},
{
"name" : "overkill-server-parsecommandline-bo(15000)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15000"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040202 0verkill - little simple vulnerability.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016579.html"
},
{
"name": "20040202 0verkill - little simple vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107577335424509&w=2"
},
{
"name": "overkill-server-parsecommandline-bo(15000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15000"
},
{
"name": "overkill-client-multiple-bo(14999)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14999"
},
{
"name": "http://www.securiteam.com/securitynews/5AP010KC0C.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securitynews/5AP010KC0C.html"
},
{
"name": "9550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9550"
}
]
}
}

170
2004/0xxx/CVE-2004-0249.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040203 Multiple Vulnerabilities in PHPX",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107586932324901&w=2"
},
{
"name" : "20040316 PHPX 2.x - 3.2.4",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-03/0154.html"
},
{
"name" : "9569",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9569"
},
{
"name" : "10797",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10797/"
},
{
"name" : "phpx-session-hijack(15512)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15512"
},
{
"name" : "phpx-cookie-account-hijacking(15052)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15052"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpx-cookie-account-hijacking(15052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15052"
},
{
"name": "phpx-session-hijack(15512)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15512"
},
{
"name": "9569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9569"
},
{
"name": "10797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10797/"
},
{
"name": "20040316 PHPX 2.x - 3.2.4",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0154.html"
},
{
"name": "20040203 Multiple Vulnerabilities in PHPX",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107586932324901&w=2"
}
]
}
}

460
2004/0xxx/CVE-2004-0599.json
View File

@ -1,232 +1,232 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://scary.beasts.org/security/CESA-2004-001.txt",
"refsource" : "MISC",
"url" : "http://scary.beasts.org/security/CESA-2004-001.txt"
},
{
"name" : "APPLE-SA-2004-09-09",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00056.html"
},
{
"name" : "CLA-2004:856",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856"
},
{
"name" : "DSA-536",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-536"
},
{
"name" : "DSA-570",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-570"
},
{
"name" : "DSA-571",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-571"
},
{
"name" : "FLSA:1943",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1943"
},
{
"name" : "FLSA:2089",
"refsource" : "FEDORA",
"url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2"
},
{
"name" : "GLSA-200408-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml"
},
{
"name" : "GLSA-200408-22",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml"
},
{
"name" : "SSRT4778",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=109181639602978&w=2"
},
{
"name" : "MDKSA-2004:079",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079"
},
{
"name" : "MDKSA-2006:212",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
},
{
"name" : "MDKSA-2006:213",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
},
{
"name" : "RHSA-2004:402",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-402.html"
},
{
"name" : "RHSA-2004:421",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-421.html"
},
{
"name" : "RHSA-2004:429",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-429.html"
},
{
"name" : "SCOSA-2004.16",
"refsource" : "SCO",
"url" : "http://marc.info/?l=bugtraq&m=109761239318458&w=2"
},
{
"name" : "SCOSA-2005.49",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name" : "200663",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1"
},
{
"name" : "SUSE-SA:2004:023",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2004_23_libpng.html"
},
{
"name" : "2004-0040",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.net/errata/2004/0040/"
},
{
"name" : "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109163866717909&w=2"
},
{
"name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html"
},
{
"name" : "TA04-217A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-217A.html"
},
{
"name" : "VU#160448",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/160448"
},
{
"name" : "VU#286464",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/286464"
},
{
"name" : "VU#477512",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/477512"
},
{
"name" : "15495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15495"
},
{
"name" : "10857",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10857"
},
{
"name" : "oval:org.mitre.oval:def:1479",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1479"
},
{
"name" : "oval:org.mitre.oval:def:10938",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10938"
},
{
"name" : "22957",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22957"
},
{
"name" : "22958",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22958"
},
{
"name" : "lilbpng-integer-bo(16896)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16896"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application crash) via a malformed PNG image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2004-0040",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/2004/0040/"
},
{
"name": "VU#477512",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/477512"
},
{
"name": "200663",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200663-1"
},
{
"name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html"
},
{
"name": "oval:org.mitre.oval:def:1479",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1479"
},
{
"name": "SCOSA-2005.49",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
},
{
"name": "RHSA-2004:421",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-421.html"
},
{
"name": "RHSA-2004:402",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-402.html"
},
{
"name": "GLSA-200408-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-22.xml"
},
{
"name": "22958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22958"
},
{
"name": "FLSA:2089",
"refsource": "FEDORA",
"url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2"
},
{
"name": "FLSA:1943",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1943"
},
{
"name": "lilbpng-integer-bo(16896)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16896"
},
{
"name": "SCOSA-2004.16",
"refsource": "SCO",
"url": "http://marc.info/?l=bugtraq&m=109761239318458&w=2"
},
{
"name": "http://scary.beasts.org/security/CESA-2004-001.txt",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2004-001.txt"
},
{
"name": "RHSA-2004:429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-429.html"
},
{
"name": "15495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15495"
},
{
"name": "DSA-536",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-536"
},
{
"name": "oval:org.mitre.oval:def:10938",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10938"
},
{
"name": "APPLE-SA-2004-09-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/mhonarc/security-announce/msg00056.html"
},
{
"name": "20040804 [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109163866717909&w=2"
},
{
"name": "DSA-570",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-570"
},
{
"name": "SSRT4778",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=109181639602978&w=2"
},
{
"name": "MDKSA-2006:213",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:213"
},
{
"name": "TA04-217A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-217A.html"
},
{
"name": "MDKSA-2006:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:212"
},
{
"name": "DSA-571",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-571"
},
{
"name": "CLA-2004:856",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000856"
},
{
"name": "10857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10857"
},
{
"name": "SUSE-SA:2004:023",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_23_libpng.html"
},
{
"name": "GLSA-200408-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml"
},
{
"name": "VU#160448",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/160448"
},
{
"name": "MDKSA-2004:079",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:079"
},
{
"name": "VU#286464",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/286464"
},
{
"name": "22957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22957"
}
]
}
}

170
2004/0xxx/CVE-2004-0638.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0638",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=135&type=vulnerabilities&flashstatus=false"
},
{
"name" : "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"name" : "http://www.red-database-security.com/advisory/advisory_20040903_3.htm",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
},
{
"name" : "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name" : "11100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11100"
},
{
"name" : "oracle-dbmssystem-bo(17254)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-dbmssystem-bo(17254)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=135&type=vulnerabilities&flashstatus=false"
},
{
"name": "11100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11100"
},
{
"name": "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"name": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
}
]
}
}

160
2004/1xxx/CVE-2004-1768.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1768",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/p132_notes.htm",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/p132_notes.htm"
},
{
"name" : "VU#697598",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/697598"
},
{
"name" : "12459",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12459"
},
{
"name" : "13489",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13489"
},
{
"name" : "symantec-brightmail-spamhunter-dos(18530)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18530"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#697598",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/697598"
},
{
"name": "ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/p132_notes.htm",
"refsource": "CONFIRM",
"url": "ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/p132_notes.htm"
},
{
"name": "13489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13489"
},
{
"name": "symantec-brightmail-spamhunter-dos(18530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18530"
},
{
"name": "12459",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12459"
}
]
}
}

150
2004/2xxx/CVE-2004-2221.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://metasploit.com/projects/Framework/modules/exploits/mercantec_softcart.pm",
"refsource" : "MISC",
"url" : "http://metasploit.com/projects/Framework/modules/exploits/mercantec_softcart.pm"
},
{
"name" : "10926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10926"
},
{
"name" : "9011",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/9011"
},
{
"name" : "softcart-softcartexecgi-bo(17008)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://metasploit.com/projects/Framework/modules/exploits/mercantec_softcart.pm",
"refsource": "MISC",
"url": "http://metasploit.com/projects/Framework/modules/exploits/mercantec_softcart.pm"
},
{
"name": "9011",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9011"
},
{
"name": "softcart-softcartexecgi-bo(17008)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17008"
},
{
"name": "10926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10926"
}
]
}
}

180
2004/2xxx/CVE-2004-2602.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gulftech.org/?node=research&article_id=00058-12242004",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00058-12242004"
},
{
"name" : "http://www.ubertec.co.uk/forums/showthread/php?t=2376",
"refsource" : "CONFIRM",
"url" : "http://www.ubertec.co.uk/forums/showthread/php?t=2376"
},
{
"name" : "12105",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12105"
},
{
"name" : "12598",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12598"
},
{
"name" : "1012685",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012685"
},
{
"name" : "13652",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13652"
},
{
"name" : "help-center-php-file-include(18694)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18694"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12105",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12105"
},
{
"name": "1012685",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012685"
},
{
"name": "help-center-php-file-include(18694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18694"
},
{
"name": "12598",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12598"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00058-12242004",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00058-12242004"
},
{
"name": "http://www.ubertec.co.uk/forums/showthread/php?t=2376",
"refsource": "CONFIRM",
"url": "http://www.ubertec.co.uk/forums/showthread/php?t=2376"
},
{
"name": "13652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13652"
}
]
}
}

160
2008/2xxx/CVE-2008-2043.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2043",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.rooksecurity.com/blog/?p=7",
"refsource" : "MISC",
"url" : "http://www.rooksecurity.com/blog/?p=7"
},
{
"name" : "VU#584089",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/584089"
},
{
"name" : "ADV-2008-1401",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1401/references"
},
{
"name" : "30027",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30027"
},
{
"name" : "cpanel-http-csrf(42114)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42114"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html, (3) frontend/x2/sql/adduser.html, and (4) frontend/x2/ftp/doaddftp.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30027"
},
{
"name": "ADV-2008-1401",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1401/references"
},
{
"name": "http://www.rooksecurity.com/blog/?p=7",
"refsource": "MISC",
"url": "http://www.rooksecurity.com/blog/?p=7"
},
{
"name": "VU#584089",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/584089"
},
{
"name": "cpanel-http-csrf(42114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42114"
}
]
}
}

34
2008/2xxx/CVE-2008-2164.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2164",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2164",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

240
2008/2xxx/CVE-2008-2231.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20080604 CVE id request: slash",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=121258731028005&w=2"
},
{
"name" : "[oss-security] 20080604 Re: CVE id request: slash",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=121260265427728&w=2"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484499",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484499"
},
{
"name" : "http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225",
"refsource" : "CONFIRM",
"url" : "http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225"
},
{
"name" : "http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4",
"refsource" : "CONFIRM",
"url" : "http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4"
},
{
"name" : "http://www.slashcode.com/article.pl?sid=08/01/07/2314232",
"refsource" : "CONFIRM",
"url" : "http://www.slashcode.com/article.pl?sid=08/01/07/2314232"
},
{
"name" : "DSA-1633",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1633"
},
{
"name" : "29548",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29548"
},
{
"name" : "1020206",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020206"
},
{
"name" : "30551",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30551"
},
{
"name" : "31691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31691"
},
{
"name" : "3923",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3923"
},
{
"name" : "slash-id-sql-injection(42880)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42880"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.slashcode.com/article.pl?sid=08/01/07/2314232",
"refsource": "CONFIRM",
"url": "http://www.slashcode.com/article.pl?sid=08/01/07/2314232"
},
{
"name": "31691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31691"
},
{
"name": "1020206",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020206"
},
{
"name": "[oss-security] 20080604 Re: CVE id request: slash",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=121260265427728&w=2"
},
{
"name": "[oss-security] 20080604 CVE id request: slash",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=121258731028005&w=2"
},
{
"name": "slash-id-sql-injection(42880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42880"
},
{
"name": "3923",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3923"
},
{
"name": "http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225",
"refsource": "CONFIRM",
"url": "http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225"
},
{
"name": "http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4",
"refsource": "CONFIRM",
"url": "http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484499",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484499"
},
{
"name": "DSA-1633",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1633"
},
{
"name": "30551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30551"
},
{
"name": "29548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29548"
}
]
}
}

170
2008/2xxx/CVE-2008-2352.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Smeego 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080517 Smeego CMS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492227/100/0/threaded"
},
{
"name" : "5640",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5640"
},
{
"name" : "29264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29264"
},
{
"name" : "ADV-2008-1563",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1563/references"
},
{
"name" : "30138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30138"
},
{
"name" : "smeego-index-file-include(42498)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42498"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Smeego 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "smeego-index-file-include(42498)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42498"
},
{
"name": "ADV-2008-1563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1563/references"
},
{
"name": "20080517 Smeego CMS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492227/100/0/threaded"
},
{
"name": "29264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29264"
},
{
"name": "5640",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5640"
},
{
"name": "30138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30138"
}
]
}
}

140
2008/2xxx/CVE-2008-2865.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5842",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5842"
},
{
"name" : "29777",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29777"
},
{
"name" : "phpsitelock-index-sql-injection(43147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29777"
},
{
"name": "5842",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5842"
},
{
"name": "phpsitelock-index-sql-injection(43147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43147"
}
]
}
}

160
2008/6xxx/CVE-2008-6226.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7003",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7003"
},
{
"name" : "32131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32131"
},
{
"name" : "ADV-2008-3022",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3022"
},
{
"name" : "32547",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32547"
},
{
"name" : "phpautolistings-moreinfo-sql-injection(46381)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46381"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpautolistings-moreinfo-sql-injection(46381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46381"
},
{
"name": "32131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32131"
},
{
"name": "7003",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7003"
},
{
"name": "ADV-2008-3022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3022"
},
{
"name": "32547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32547"
}
]
}
}

130
2008/6xxx/CVE-2008-6262.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the URL to the translate function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "32726",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32726"
},
{
"name" : "saturncms-username-sql-injection(46651)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46651"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the URL to the translate function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "saturncms-username-sql-injection(46651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46651"
},
{
"name": "32726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32726"
}
]
}
}

130
2008/6xxx/CVE-2008-6546.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in phpns before 2.1.3 has unknown impact and attack vectors related to \"activation permissions.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://phpns.alecwh.com/news.php?a=2",
"refsource" : "CONFIRM",
"url" : "http://phpns.alecwh.com/news.php?a=2"
},
{
"name" : "48867",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/48867"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in phpns before 2.1.3 has unknown impact and attack vectors related to \"activation permissions.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48867",
"refsource": "OSVDB",
"url": "http://osvdb.org/48867"
},
{
"name": "http://phpns.alecwh.com/news.php?a=2",
"refsource": "CONFIRM",
"url": "http://phpns.alecwh.com/news.php?a=2"
}
]
}
}

170
2008/6xxx/CVE-2008-6974.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081208 Multiple XSRF in DD-WRT (Remote Root Command Execution)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499024"
},
{
"name" : "20081210 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499119"
},
{
"name" : "20081211 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499132"
},
{
"name" : "20081211 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499135"
},
{
"name" : "9209",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/9209"
},
{
"name" : "http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173",
"refsource" : "MISC",
"url" : "http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9209",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/9209"
},
{
"name": "20081211 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499132"
},
{
"name": "20081210 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499119"
},
{
"name": "http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173",
"refsource": "MISC",
"url": "http://www.dd-wrt.com/phpBB2/viewtopic.php?t=55173"
},
{
"name": "20081211 Re: Multiple XSRF in DD-WRT (Remote Root Command Execution)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499135"
},
{
"name": "20081208 Multiple XSRF in DD-WRT (Remote Root Command Execution)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499024"
}
]
}
}

170
2008/7xxx/CVE-2008-7012.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "courier/1000@/api_error_email.html (aka \"error reporting page\") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zebux.free.fr/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt",
"refsource" : "MISC",
"url" : "http://zebux.free.fr/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt"
},
{
"name" : "31178",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31178"
},
{
"name" : "48242",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/48242"
},
{
"name" : "1020870",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020870"
},
{
"name" : "31848",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31848"
},
{
"name" : "fta-errorreporting-mail-relay(45159)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45159"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "courier/1000@/api_error_email.html (aka \"error reporting page\") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31178"
},
{
"name": "1020870",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020870"
},
{
"name": "48242",
"refsource": "OSVDB",
"url": "http://osvdb.org/48242"
},
{
"name": "http://zebux.free.fr/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt",
"refsource": "MISC",
"url": "http://zebux.free.fr/pub/Advisory/Advisory_Accellion_SPAM_Engine_Vulnerability_200808.txt"
},
{
"name": "31848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31848"
},
{
"name": "fta-errorreporting-mail-relay(45159)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45159"
}
]
}
}

150
2008/7xxx/CVE-2008-7042.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7042",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7080",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7080"
},
{
"name" : "32241",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32241"
},
{
"name" : "ADV-2008-3096",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3096"
},
{
"name" : "freshemailscript-url-file-include(46527)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46527"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3096",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3096"
},
{
"name": "freshemailscript-url-file-include(46527)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46527"
},
{
"name": "7080",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7080"
},
{
"name": "32241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32241"
}
]
}
}

160
2008/7xxx/CVE-2008-7103.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6327",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6327"
},
{
"name" : "30922",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30922"
},
{
"name" : "47909",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/47909"
},
{
"name" : "31671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31671"
},
{
"name" : "najdisi-toolbar-bo(44840)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "najdisi-toolbar-bo(44840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44840"
},
{
"name": "30922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30922"
},
{
"name": "6327",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6327"
},
{
"name": "47909",
"refsource": "OSVDB",
"url": "http://osvdb.org/47909"
},
{
"name": "31671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31671"
}
]
}
}

170
2012/5xxx/CVE-2012-5387.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5387",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "22156",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/22156/"
},
{
"name" : "http://packetstormsecurity.org/files/117590/White-Label-CMS-1.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/117590/White-Label-CMS-1.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
},
{
"name" : "http://wordpress.org/extend/plugins/white-label-cms/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/white-label-cms/changelog/"
},
{
"name" : "56166",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56166"
},
{
"name" : "86568",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86568"
},
{
"name" : "wp-whitelabelcms-admin-csrf(79520)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79520"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcms_o_developer_name parameter in a save action to wp-admin/admin.php, as demonstrated by a developer name containing XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wp-whitelabelcms-admin-csrf(79520)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79520"
},
{
"name": "22156",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/22156/"
},
{
"name": "56166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56166"
},
{
"name": "http://packetstormsecurity.org/files/117590/White-Label-CMS-1.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/117590/White-Label-CMS-1.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
},
{
"name": "http://wordpress.org/extend/plugins/white-label-cms/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/white-label-cms/changelog/"
},
{
"name": "86568",
"refsource": "OSVDB",
"url": "http://osvdb.org/86568"
}
]
}
}

150
2012/5xxx/CVE-2012-5481.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121119 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/11/19/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35381",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35381"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=216161",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=216161"
},
{
"name" : "56505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=216161",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=216161"
},
{
"name": "56505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56505"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35381",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35381"
},
{
"name": "[oss-security] 20121119 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/19/1"
}
]
}
}

190
2012/5xxx/CVE-2012-5564.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5564",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121123 CVE Request -- android-tools (server): Insecure temporary file used for logging",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/23/1"
},
{
"name" : "[oss-security] 20121123 Re: CVE Request -- android-tools (server): Insecure temporary file used for logging",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/23/8"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=879582",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=879582"
},
{
"name" : "FEDORA-2013-1666",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098527.html"
},
{
"name" : "FEDORA-2013-1742",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098529.html"
},
{
"name" : "FEDORA-2013-1750",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098532.html"
},
{
"name" : "56653",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56653"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20121123 Re: CVE Request -- android-tools (server): Insecure temporary file used for logging",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/23/8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=879582",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=879582"
},
{
"name": "56653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56653"
},
{
"name": "[oss-security] 20121123 CVE Request -- android-tools (server): Insecure temporary file used for logging",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/23/1"
},
{
"name": "FEDORA-2013-1750",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098532.html"
},
{
"name": "FEDORA-2013-1666",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098527.html"
},
{
"name": "FEDORA-2013-1742",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098529.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688280"
}
]
}
}

190
2012/5xxx/CVE-2012-5652.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5652",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/20/1"
},
{
"name" : "http://drupal.org/SA-CORE-2012-004",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/SA-CORE-2012-004"
},
{
"name" : "http://drupalcode.org/project/drupal.git/commitdiff/da8023a",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/drupal.git/commitdiff/da8023a"
},
{
"name" : "DSA-2776",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2776"
},
{
"name" : "56993",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56993"
},
{
"name" : "88527",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88527"
},
{
"name" : "51517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51517"
},
{
"name" : "drupal-upload-information-disclosure(80794)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80794"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Drupal 6.x before 6.27 allows remote attackers to obtain sensitive information about uploaded files via a (1) RSS feed or (2) search result."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupalcode.org/project/drupal.git/commitdiff/da8023a",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/drupal.git/commitdiff/da8023a"
},
{
"name": "http://drupal.org/SA-CORE-2012-004",
"refsource": "CONFIRM",
"url": "http://drupal.org/SA-CORE-2012-004"
},
{
"name": "56993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56993"
},
{
"name": "88527",
"refsource": "OSVDB",
"url": "http://osvdb.org/88527"
},
{
"name": "DSA-2776",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2776"
},
{
"name": "drupal-upload-information-disclosure(80794)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80794"
},
{
"name": "[oss-security] 20121219 Re: CVE request for Drupal core, and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/20/1"
},
{
"name": "51517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51517"
}
]
}
}

340
2012/5xxx/CVE-2012-5887.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5887",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1377807",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1377807"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1380829",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1380829"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1392248",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1392248"
},
{
"name" : "http://tomcat.apache.org/security-5.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-5.html"
},
{
"name" : "http://tomcat.apache.org/security-6.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-6.html"
},
{
"name" : "http://tomcat.apache.org/security-7.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-7.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626891"
},
{
"name" : "RHSA-2013:0623",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0623.html"
},
{
"name" : "RHSA-2013:0629",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0629.html"
},
{
"name" : "RHSA-2013:0631",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0631.html"
},
{
"name" : "RHSA-2013:0632",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0632.html"
},
{
"name" : "RHSA-2013:0633",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0633.html"
},
{
"name" : "RHSA-2013:0640",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0640.html"
},
{
"name" : "RHSA-2013:0647",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0647.html"
},
{
"name" : "RHSA-2013:0648",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0648.html"
},
{
"name" : "RHSA-2013:0726",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0726.html"
},
{
"name" : "openSUSE-SU-2012:1700",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"name" : "openSUSE-SU-2012:1701",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name" : "openSUSE-SU-2013:0147",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name" : "USN-1637-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1637-1"
},
{
"name" : "56403",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56403"
},
{
"name" : "51371",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51371"
},
{
"name" : "tomcat-digest-security-bypass(79809)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626891",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626891"
},
{
"name": "51371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51371"
},
{
"name": "openSUSE-SU-2012:1700",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1392248",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1392248"
},
{
"name": "RHSA-2013:0631",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0631.html"
},
{
"name": "RHSA-2013:0640",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0640.html"
},
{
"name": "USN-1637-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1637-1"
},
{
"name": "56403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56403"
},
{
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name": "RHSA-2013:0648",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0648.html"
},
{
"name": "RHSA-2013:0633",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0633.html"
},
{
"name": "RHSA-2013:0629",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0629.html"
},
{
"name": "tomcat-digest-security-bypass(79809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79809"
},
{
"name": "RHSA-2013:0647",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0647.html"
},
{
"name": "RHSA-2013:0632",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0632.html"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1380829",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1380829"
},
{
"name": "openSUSE-SU-2013:0147",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name": "RHSA-2013:0623",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1377807",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1377807"
},
{
"name": "openSUSE-SU-2012:1701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name": "RHSA-2013:0726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"
}
]
}
}

122
2017/11xxx/CVE-2017-11027.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-11-01T00:00:00",
"ID" : "CVE-2017-11027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing unintialized data access vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure in Boot"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-11-01T00:00:00",
"ID": "CVE-2017-11027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-11-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing UBI image, size is not validated for being smaller than minimum header size causing unintialized data access vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in Boot"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
}
]
}
}

120
2017/11xxx/CVE-2017-11685.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://init6.me/exploiting-manageengine-eventlog-analyzer.html",
"refsource" : "MISC",
"url" : "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html",
"refsource": "MISC",
"url": "http://init6.me/exploiting-manageengine-eventlog-analyzer.html"
}
]
}
}

130
2017/14xxx/CVE-2017-14506.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://baraktawily.blogspot.co.il/2017/09/gem-in-box-xss-vulenrability-cve-2017.html",
"refsource" : "MISC",
"url" : "http://baraktawily.blogspot.co.il/2017/09/gem-in-box-xss-vulenrability-cve-2017.html"
},
{
"name" : "https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md",
"refsource" : "MISC",
"url" : "https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://baraktawily.blogspot.co.il/2017/09/gem-in-box-xss-vulenrability-cve-2017.html",
"refsource": "MISC",
"url": "http://baraktawily.blogspot.co.il/2017/09/gem-in-box-xss-vulenrability-cve-2017.html"
},
{
"name": "https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md",
"refsource": "MISC",
"url": "https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md"
}
]
}
}

120
2017/15xxx/CVE-2017-15315.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-15315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NIP6300,NIP6600,Secospace USG6300,Secospace USG6500",
"version" : {
"version_data" : [
{
"version_value" : "NIP6300 V500R001C20SPC100, V500R001C20SPC200,NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Leak"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-15315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NIP6300,NIP6600,Secospace USG6300,Secospace USG6500",
"version": {
"version_data": [
{
"version_value": "NIP6300 V500R001C20SPC100, V500R001C20SPC200,NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en"
}
]
}
}

34
2017/15xxx/CVE-2017-15446.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15446",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15446",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

120
2017/15xxx/CVE-2017-15805.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.fwhibbit.es/lfi-en-cisco-small-business-sa500-series-cuando-la-seguridad-de-tu-red-esta-hecha-un-cisco",
"refsource" : "MISC",
"url" : "https://www.fwhibbit.es/lfi-en-cisco-small-business-sa500-series-cuando-la-seguridad-de-tu-red-esta-hecha-un-cisco"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fwhibbit.es/lfi-en-cisco-small-business-sa500-series-cuando-la-seguridad-de-tu-red-esta-hecha-un-cisco",
"refsource": "MISC",
"url": "https://www.fwhibbit.es/lfi-en-cisco-small-business-sa500-series-cuando-la-seguridad-de-tu-red-esta-hecha-un-cisco"
}
]
}
}

160
2017/3xxx/CVE-2017-3074.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 25.0.0.148 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 25.0.0.148 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 25.0.0.148 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 25.0.0.148 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html"
},
{
"name" : "GLSA-201705-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-12"
},
{
"name" : "RHSA-2017:1219",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1219"
},
{
"name" : "98349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98349"
},
{
"name" : "1038427",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038427"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201705-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-12"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html"
},
{
"name": "98349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98349"
},
{
"name": "RHSA-2017:1219",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1219"
},
{
"name": "1038427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038427"
}
]
}
}

170
2017/3xxx/CVE-2017-3192.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DIR-130",
"version" : {
"version_data" : [
{
"version_value" : "1.23"
}
]
}
},
{
"product_name" : "DIR-330",
"version" : {
"version_data" : [
{
"version_value" : "1.12"
}
]
}
}
]
},
"vendor_name" : "D-Link"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522: Insufficiently Protected Credentials"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DIR-130",
"version": {
"version_data": [
{
"version_value": "1.23"
}
]
}
},
{
"product_name": "DIR-330",
"version": {
"version_data": [
{
"version_value": "1.12"
}
]
}
}
]
},
"vendor_name": "D-Link"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123292",
"refsource" : "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123292"
},
{
"name" : "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/",
"refsource" : "MISC",
"url" : "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/"
},
{
"name" : "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/",
"refsource" : "MISC",
"url" : "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/"
},
{
"name" : "VU#553503",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/553503"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 do not sufficiently protect administrator credentials. The tools_admin.asp page discloses the administrator password in base64 encoding in the returned web page. A remote attacker with access to this page (potentially through a authentication bypass such as CVE-2017-3191) may obtain administrator credentials for the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522: Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#553503",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/553503"
},
{
"name": "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/",
"refsource": "MISC",
"url": "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123292",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123292"
},
{
"name": "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/",
"refsource": "MISC",
"url": "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/"
}
]
}
}

122
2017/8xxx/CVE-2017-8169.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VIE-L09",
"version" : {
"version_data" : [
{
"version_value" : "Earlier than VIE-L09C40B360 versions"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone, causing the smartphone restart or arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VIE-L09",
"version": {
"version_data": [
{
"version_value": "Earlier than VIE-L09C40B360 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-overflow-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-overflow-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the smart phone, causing the smartphone restart or arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-overflow-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-overflow-en"
}
]
}
}

122
2017/8xxx/CVE-2017-8279.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-11-01T00:00:00",
"ID" : "CVE-2017-8279",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Time-of-check Time-of-use (TOCTOU) Race Condition in Core"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-11-01T00:00:00",
"ID": "CVE-2017-8279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-11-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
}
]
}
}

140
2017/8xxx/CVE-2017-8362.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html"
},
{
"name" : "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/"
},
{
"name" : "GLSA-201811-23",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-23"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/"
},
{
"name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html"
},
{
"name": "GLSA-201811-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-23"
}
]
}
}

140
2017/8xxx/CVE-2017-8472.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Windows",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Windows",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42225",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42225/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8472",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8472"
},
{
"name" : "98851",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98851"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8472",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8472"
},
{
"name": "42225",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42225/"
},
{
"name": "98851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98851"
}
]
}
}

120
2017/8xxx/CVE-2017-8863.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8863",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/",
"refsource" : "MISC",
"url" : "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/",
"refsource": "MISC",
"url": "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/"
}
]
}
}

142
2017/8xxx/CVE-2017-8950.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-06-27T00:00:00",
"ID" : "CVE-2017-8950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SiteScope",
"version" : {
"version_data" : [
{
"version_value" : "v11.2x, v11.3x"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Disclosure of Sensitive Information"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-06-27T00:00:00",
"ID": "CVE-2017-8950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiteScope",
"version": {
"version_data": [
{
"version_value": "v11.2x, v11.3x"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us"
},
{
"name" : "99331",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99331"
},
{
"name" : "1038791",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Disclosure of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038791"
},
{
"name": "99331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99331"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us"
}
]
}
}

120
2018/12xxx/CVE-2018-12021.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/singularityware/singularity/releases/tag/2.5.2",
"refsource" : "CONFIRM",
"url" : "https://github.com/singularityware/singularity/releases/tag/2.5.2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/singularityware/singularity/releases/tag/2.5.2",
"refsource": "CONFIRM",
"url": "https://github.com/singularityware/singularity/releases/tag/2.5.2"
}
]
}
}

132
2018/12xxx/CVE-2018-12246.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@symantec.com",
"DATE_PUBLIC" : "2018-10-16T00:00:00",
"ID" : "CVE-2018-12246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Symantec Web Isolation",
"version" : {
"version_data" : [
{
"version_value" : "1.11 prior to 1.11.21"
}
]
}
}
]
},
"vendor_name" : "Symantec Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-12246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Web Isolation",
"version": {
"version_data": [
{
"version_value": "1.11 prior to 1.11.21"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1464.html",
"refsource" : "CONFIRM",
"url" : "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1464.html"
},
{
"name" : "105581",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105581"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1464.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1464.html"
},
{
"name": "105581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105581"
}
]
}
}

120
2018/12xxx/CVE-2018-12305.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource" : "MISC",
"url" : "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/over-a-dozen-vulnerabilities-discovered-in-asustor-as-602t-8dd5832a82cc"
}
]
}
}

140
2018/12xxx/CVE-2018-12356.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12356",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2018/06/14/3",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2018/06/14/3"
},
{
"name" : "https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d",
"refsource" : "MISC",
"url" : "https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d"
},
{
"name" : "https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html",
"refsource" : "MISC",
"url" : "https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d",
"refsource": "MISC",
"url": "https://git.zx2c4.com/password-store/commit/?id=8683403b77f59c56fcb1f05c61ab33b9fd61a30d"
},
{
"name": "http://openwall.com/lists/oss-security/2018/06/14/3",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2018/06/14/3"
},
{
"name": "https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html",
"refsource": "MISC",
"url": "https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html"
}
]
}
}

120
2018/13xxx/CVE-2018-13319.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d",
"refsource" : "MISC",
"url" : "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d"
}
]
}
}

130
2018/13xxx/CVE-2018-13515.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for aman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/aman",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/aman"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for aman, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/aman",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/aman"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

130
2018/13xxx/CVE-2018-13534.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SpeedCashTokenContract",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SpeedCashTokenContract"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for SpeedCashLite (SCSL), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SpeedCashTokenContract",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SpeedCashTokenContract"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

130
2018/16xxx/CVE-2018-16016.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-16016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-16016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name": "106172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106172"
}
]
}
}

120
2018/16xxx/CVE-2018-16261.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16261",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877",
"refsource" : "CONFIRM",
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877"
}
]
}
}

140
2018/16xxx/CVE-2018-16524.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
"refsource" : "MISC",
"url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
},
{
"name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
"refsource" : "MISC",
"url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
},
{
"name" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
},
{
"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
"refsource": "MISC",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
},
{
"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
"refsource": "MISC",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
}
]
}
}

130
2018/16xxx/CVE-2018-16730.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "\\upload\\plugins\\sys\\Install.php in CScms 4.1 has XSS via the site name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md",
"refsource" : "MISC",
"url" : "https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md"
},
{
"name" : "https://www.patec.cn/newsshow.php?cid=24&id=123",
"refsource" : "MISC",
"url" : "https://www.patec.cn/newsshow.php?cid=24&id=123"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\\upload\\plugins\\sys\\Install.php in CScms 4.1 has XSS via the site name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.patec.cn/newsshow.php?cid=24&id=123",
"refsource": "MISC",
"url": "https://www.patec.cn/newsshow.php?cid=24&id=123"
},
{
"name": "https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/CScms/blob/master/CScms_xss.md"
}
]
}
}

120
2018/16xxx/CVE-2018-16999.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392508",
"refsource" : "MISC",
"url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392508",
"refsource": "MISC",
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392508"
}
]
}
}

34
2018/17xxx/CVE-2018-17115.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17115",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17115",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/17xxx/CVE-2018-17392.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17392",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17392",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4007.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4007",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4007",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

88
2019/7xxx/CVE-2019-7222.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7222",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,68 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FEDORA",
"name": "FEDORA-2019-164946aa7f",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDOXCX3QFVWYXH5CQMGDDE7H6MUG5XGG/"
},
{
"url": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151712/KVM-kvm_inject_page_fault-Uninitialized-Memory-Leak.html"
},
{
"refsource": "BID",
"name": "106963",
"url": "http://www.securityfocus.com/bid/106963"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-3da64f3e61",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2HMABEMJDPA6LPCBE5WIEZXUKY7DLTN/"
},
{
"url": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commits/master/arch/x86/kvm"
},
{
"refsource": "SUSE",
"name": "SUSE-SA-2019:0203-1",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] Linux kernel: three KVM bugs (CVE-2019-6974, CVE-2019-7221, CVE-2019-7222)",
"url": "http://www.openwall.com/lists/oss-security/2019/02/18/2"
},
{
"refsource": "CONFIRM",
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1759"
},
{
"refsource": "CONFIRM",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ecec76885bcfe3294685dc363fd1273df0d5d65f"
}
]
}