admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:23:59 +00:00
parent bdb0de25c5
commit 305e4055c1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3993 additions and 3993 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2003/0xxx/CVE-2003-0432.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0432",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html"
},
{
"name" : "DSA-324",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-324"
},
{
"name" : "CLA-2003:662",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662"
},
{
"name" : "RHSA-2003:077",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html"
},
{
"name" : "CSSA-2003-030.0",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt"
},
{
"name" : "9007",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/9007"
},
{
"name" : "oval:org.mitre.oval:def:106",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-2003-030.0",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt"
},
{
"name": "oval:org.mitre.oval:def:106",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106"
},
{
"name": "RHSA-2003:077",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-077.html"
},
{
"name": "CLA-2003:662",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662"
},
{
"name": "DSA-324",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-324"
},
{
"name": "9007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9007"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00010.html"
}
]
}
}

130
2003/0xxx/CVE-2003-0731.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the \"cmd\" parameter with a modifyUser value and a modified \"priviledges\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030813 CiscoWorks Application Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
},
{
"name" : "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/333028"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the \"cmd\" parameter with a modifyUser value and a modified \"priviledges\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/333028"
},
{
"name": "20030813 CiscoWorks Application Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml"
}
]
}
}

140
2003/0xxx/CVE-2003-0805.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030712 UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105804485302211&w=2"
},
{
"name" : "20030818 FW: [gopher] UMN Gopher 3.0.6 released",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106123498310717&w=2"
},
{
"name" : "DSA-387",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-387"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030712 UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105804485302211&w=2"
},
{
"name": "20030818 FW: [gopher] UMN Gopher 3.0.6 released",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106123498310717&w=2"
},
{
"name": "DSA-387",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-387"
}
]
}
}

150
2003/1xxx/CVE-2003-1196.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1",
"refsource" : "CONFIRM",
"url" : "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1"
},
{
"name" : "8967",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8967"
},
{
"name" : "2789",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/2789"
},
{
"name" : "vieboard-viewtopic-sql-injection(13629)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1",
"refsource": "CONFIRM",
"url": "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1"
},
{
"name": "8967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8967"
},
{
"name": "2789",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2789"
},
{
"name": "vieboard-viewtopic-sql-injection(13629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13629"
}
]
}
}

140
2003/1xxx/CVE-2003-1237.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030222 [SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0274.html"
},
{
"name" : "6918",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6918"
},
{
"name" : "wwwboard-message-xss(11383)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/11383.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030222 [SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0274.html"
},
{
"name": "wwwboard-message-xss(11383)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11383.php"
},
{
"name": "6918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6918"
}
]
}
}

210
2004/0xxx/CVE-2004-0121.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040309 Microsoft Outlook \"mailto:\" Parameter Passing Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities"
},
{
"name" : "20040310 Outlook mailto: URL argument injection vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107893704602842&w=2"
},
{
"name" : "MS04-009",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009"
},
{
"name" : "TA04-070A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-070A.html"
},
{
"name" : "VU#305206",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/305206"
},
{
"name" : "O-096",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-096.shtml"
},
{
"name" : "9827",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9827"
},
{
"name" : "oval:org.mitre.oval:def:843",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843"
},
{
"name" : "outlook-mailtourl-execute-code(15414)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15414"
},
{
"name" : "outlook-ms04009-patch(15429)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15429"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA04-070A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-070A.html"
},
{
"name": "MS04-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009"
},
{
"name": "VU#305206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/305206"
},
{
"name": "outlook-mailtourl-execute-code(15414)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15414"
},
{
"name": "outlook-ms04009-patch(15429)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15429"
},
{
"name": "oval:org.mitre.oval:def:843",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843"
},
{
"name": "O-096",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-096.shtml"
},
{
"name": "9827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9827"
},
{
"name": "20040309 Microsoft Outlook \"mailto:\" Parameter Passing Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities"
},
{
"name": "20040310 Outlook mailto: URL argument injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107893704602842&w=2"
}
]
}
}

150
2004/0xxx/CVE-2004-0701.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "53922",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F53922"
},
{
"name" : "VU#100780",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/100780"
},
{
"name" : "7457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7457"
},
{
"name" : "sun-ray-session-access(11905)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11905"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7457"
},
{
"name": "sun-ray-session-access(11905)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11905"
},
{
"name": "VU#100780",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/100780"
},
{
"name": "53922",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F53922"
}
]
}
}

34
2004/0xxx/CVE-2004-0864.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0864",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0864",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

250
2004/0xxx/CVE-2004-0884.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0884",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-03-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
},
{
"name" : "DSA-563",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-563"
},
{
"name" : "DSA-568",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-568"
},
{
"name" : "FLSA:2137",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2137"
},
{
"name" : "GLSA-200410-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml"
},
{
"name" : "MDKSA-2004:106",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:106"
},
{
"name" : "RHSA-2004:546",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2004-546.html"
},
{
"name" : "2004-0053",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.net/errata/2004/0053/"
},
{
"name" : "20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110693126007214&w=2"
},
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657"
},
{
"name" : "P-003",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/p-003.shtml"
},
{
"name" : "11347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11347"
},
{
"name" : "oval:org.mitre.oval:def:11678",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678"
},
{
"name" : "cyrus-sasl-saslpath(17643)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17643"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=134657"
},
{
"name": "20050128 [OpenPKG-SA-2005.004] OpenPKG Security Advisory (sasl)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110693126007214&w=2"
},
{
"name": "2004-0053",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/2004/0053/"
},
{
"name": "P-003",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-003.shtml"
},
{
"name": "MDKSA-2004:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:106"
},
{
"name": "DSA-568",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-568"
},
{
"name": "FLSA:2137",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2137"
},
{
"name": "DSA-563",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-563"
},
{
"name": "cyrus-sasl-saslpath(17643)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17643"
},
{
"name": "oval:org.mitre.oval:def:11678",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11678"
},
{
"name": "APPLE-SA-2005-03-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
},
{
"name": "11347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11347"
},
{
"name": "GLSA-200410-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml"
},
{
"name": "RHSA-2004:546",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2004-546.html"
}
]
}
}

150
2004/1xxx/CVE-2004-1102.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.procheckup.com/security_info/vuln_pr0408.html",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/security_info/vuln_pr0408.html"
},
{
"name" : "VU#306086",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/306086"
},
{
"name" : "11599",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11599"
},
{
"name" : "mailpost-get-info-disclosure(17954)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17954"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11599"
},
{
"name": "http://www.procheckup.com/security_info/vuln_pr0408.html",
"refsource": "MISC",
"url": "http://www.procheckup.com/security_info/vuln_pr0408.html"
},
{
"name": "VU#306086",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/306086"
},
{
"name": "mailpost-get-info-disclosure(17954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17954"
}
]
}
}

140
2004/2xxx/CVE-2004-2129.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040128 Denial Of Service in SurfNOW 2.2",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107530924723559&w=2"
},
{
"name" : "9519",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9519"
},
{
"name" : "surfnow-get-dos(14976)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14976"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9519"
},
{
"name": "20040128 Denial Of Service in SurfNOW 2.2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107530924723559&w=2"
},
{
"name": "surfnow-get-dos(14976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14976"
}
]
}
}

140
2004/2xxx/CVE-2004-2398.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2398",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040519 Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html"
},
{
"name" : "10390",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10390"
},
{
"name" : "cpanel-fantastico-obtain-information(16197)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16197"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cpanel-fantastico-obtain-information(16197)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16197"
},
{
"name": "20040519 Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html"
},
{
"name": "10390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10390"
}
]
}
}

150
2004/2xxx/CVE-2004-2468.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4755",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4755"
},
{
"name" : "1009598",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/alerts/2004/Mar/1009598.html"
},
{
"name" : "11260",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11260"
},
{
"name" : "sillysearch-search-xss(15683)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11260"
},
{
"name": "sillysearch-search-xss(15683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15683"
},
{
"name": "1009598",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2004/Mar/1009598.html"
},
{
"name": "4755",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4755"
}
]
}
}

240
2004/2xxx/CVE-2004-2511.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2511",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"name" : "11338",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11338"
},
{
"name" : "11339",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11339"
},
{
"name" : "10585",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10585"
},
{
"name" : "10587",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10587"
},
{
"name" : "10588",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10588"
},
{
"name" : "10589",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10589"
},
{
"name" : "10590",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10590"
},
{
"name" : "11405",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/11405"
},
{
"name" : "1006351",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1006351"
},
{
"name" : "12751",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12751"
},
{
"name" : "dcpportal-get-xss(17638)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638"
},
{
"name" : "dcpportal-post-xss(17639)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11338"
},
{
"name": "10587",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10587"
},
{
"name": "dcpportal-post-xss(17639)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17639"
},
{
"name": "10588",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10588"
},
{
"name": "1006351",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006351"
},
{
"name": "10589",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10589"
},
{
"name": "11339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11339"
},
{
"name": "12751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12751"
},
{
"name": "10585",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10585"
},
{
"name": "10590",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10590"
},
{
"name": "11405",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11405"
},
{
"name": "20041006 [Maxpatrol Security Advisory] Multiple vulnerabilities in DCP-Portal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0042.html"
},
{
"name": "dcpportal-get-xss(17638)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17638"
}
]
}
}

34
2008/2xxx/CVE-2008-2007.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2007",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1035. Reason: This candidate is a reservation duplicate of CVE-2008-1035. Notes: All CVE users should reference CVE-2008-1035 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-2007",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1035. Reason: This candidate is a reservation duplicate of CVE-2008-1035. Notes: All CVE users should reference CVE-2008-1035 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

150
2008/2xxx/CVE-2008-2336.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2336",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5626",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5626"
},
{
"name" : "29249",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29249"
},
{
"name" : "30273",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30273"
},
{
"name" : "68classifieds-category-sql-injection(42465)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42465"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5626",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5626"
},
{
"name": "30273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30273"
},
{
"name": "68classifieds-category-sql-injection(42465)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42465"
},
{
"name": "29249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29249"
}
]
}
}

350
2008/2xxx/CVE-2008-2476.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-2476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view",
"refsource" : "MISC",
"url" : "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-7H2S68",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-7H2S68"
},
{
"name" : "http://support.apple.com/kb/HT3467",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3467"
},
{
"name" : "FreeBSD-SA-08:10",
"refsource" : "FREEBSD",
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
},
{
"name" : "NetBSD-SA2008-013",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc"
},
{
"name" : "[4.2] 015: SECURITY FIX: October 2, 2008",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata42.html#015_ndp"
},
{
"name" : "[4.3] 006: SECURITY FIX: October 2, 2008",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata43.html#006_ndp"
},
{
"name" : "VU#472363",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/472363"
},
{
"name" : "31529",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31529"
},
{
"name" : "oval:org.mitre.oval:def:5670",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670"
},
{
"name" : "32133",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32133"
},
{
"name" : "ADV-2008-2750",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2750"
},
{
"name" : "ADV-2008-2751",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2751"
},
{
"name" : "ADV-2008-2752",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2752"
},
{
"name" : "1020968",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020968"
},
{
"name" : "1021109",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021109"
},
{
"name" : "1021132",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021132"
},
{
"name" : "32112",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32112"
},
{
"name" : "32117",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32117"
},
{
"name" : "32116",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32116"
},
{
"name" : "32406",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32406"
},
{
"name" : "ADV-2009-0633",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0633"
},
{
"name" : "multiple-vendors-ndp-dos(45601)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32406",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32406"
},
{
"name": "multiple-vendors-ndp-dos(45601)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601"
},
{
"name": "http://support.apple.com/kb/HT3467",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3467"
},
{
"name": "[4.2] 015: SECURITY FIX: October 2, 2008",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata42.html#015_ndp"
},
{
"name": "ADV-2008-2751",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2751"
},
{
"name": "1021109",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021109"
},
{
"name": "1020968",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020968"
},
{
"name": "32133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32133"
},
{
"name": "VU#472363",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/472363"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7"
},
{
"name": "32116",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32116"
},
{
"name": "1021132",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021132"
},
{
"name": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view",
"refsource": "MISC",
"url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view"
},
{
"name": "ADV-2008-2750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2750"
},
{
"name": "ADV-2008-2752",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2752"
},
{
"name": "31529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31529"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68"
},
{
"name": "FreeBSD-SA-08:10",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc"
},
{
"name": "[4.3] 006: SECURITY FIX: October 2, 2008",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata43.html#006_ndp"
},
{
"name": "32112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32112"
},
{
"name": "NetBSD-SA2008-013",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc"
},
{
"name": "oval:org.mitre.oval:def:5670",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670"
},
{
"name": "32117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32117"
},
{
"name": "ADV-2009-0633",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0633"
}
]
}
}

140
2008/6xxx/CVE-2008-6081.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5468",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5468"
},
{
"name" : "28852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28852"
},
{
"name" : "simplecustomer-contact-sql-injection(41938)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28852"
},
{
"name": "simplecustomer-contact-sql-injection(41938)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41938"
},
{
"name": "5468",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5468"
}
]
}
}

170
2008/6xxx/CVE-2008-6967.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://files.altn.com/MDaemon/Release/RelNotes_en.txt",
"refsource" : "CONFIRM",
"url" : "http://files.altn.com/MDaemon/Release/RelNotes_en.txt"
},
{
"name" : "32355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32355"
},
{
"name" : "50011",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/50011"
},
{
"name" : "32142",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32142"
},
{
"name" : "ADV-2008-3206",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3206"
},
{
"name" : "worldclient-html-xss(46688)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46688"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3206",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3206"
},
{
"name": "32142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32142"
},
{
"name": "worldclient-html-xss(46688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46688"
},
{
"name": "http://files.altn.com/MDaemon/Release/RelNotes_en.txt",
"refsource": "CONFIRM",
"url": "http://files.altn.com/MDaemon/Release/RelNotes_en.txt"
},
{
"name": "50011",
"refsource": "OSVDB",
"url": "http://osvdb.org/50011"
},
{
"name": "32355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32355"
}
]
}
}

150
2012/1xxx/CVE-2012-1084.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name" : "51852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51852"
},
{
"name" : "78798",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78798"
},
{
"name" : "typo3-beuserswitch-unspecified-xss(72974)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72974"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "51852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51852"
},
{
"name": "typo3-beuserswitch-unspecified-xss(72974)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72974"
},
{
"name": "78798",
"refsource": "OSVDB",
"url": "http://osvdb.org/78798"
}
]
}
}

150
2012/1xxx/CVE-2012-1685.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "1027666",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027666"
},
{
"name" : "secureglobaldesktop-core-cve20121685(79379)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79379"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027666",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027666"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "secureglobaldesktop-core-cve20121685(79379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79379"
}
]
}
}

150
2012/1xxx/CVE-2012-1919.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://en.securitylab.ru/lab/PT-2011-48",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/PT-2011-48"
},
{
"name" : "http://atmail.org/download/atmailopen.tgz",
"refsource" : "CONFIRM",
"url" : "http://atmail.org/download/atmailopen.tgz"
},
{
"name" : "VU#743555",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/743555"
},
{
"name" : "47012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2011-48",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2011-48"
},
{
"name": "http://atmail.org/download/atmailopen.tgz",
"refsource": "CONFIRM",
"url": "http://atmail.org/download/atmailopen.tgz"
},
{
"name": "VU#743555",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/743555"
},
{
"name": "47012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47012"
}
]
}
}

210
2012/5xxx/CVE-2012-5076.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-5076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "RHSA-2012:1386",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
},
{
"name" : "RHSA-2012:1391",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
},
{
"name" : "RHSA-2012:1467",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name" : "SUSE-SU-2012:1398",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
},
{
"name" : "oval:org.mitre.oval:def:16641",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641"
},
{
"name" : "51029",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51029"
},
{
"name" : "51326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51326"
},
{
"name" : "51390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51390"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:1398",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "RHSA-2012:1386",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
},
{
"name": "RHSA-2012:1391",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
},
{
"name": "51029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51029"
},
{
"name": "51390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51390"
},
{
"name": "RHSA-2012:1467",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name": "oval:org.mitre.oval:def:16641",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16641"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
},
{
"name": "51326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51326"
}
]
}
}

160
2012/5xxx/CVE-2012-5082.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-5082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
},
{
"name" : "SUSE-SU-2012:1398",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
},
{
"name" : "56078",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56078"
},
{
"name" : "86370",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86370"
},
{
"name" : "oval:org.mitre.oval:def:15827",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15827"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:1398",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
},
{
"name": "86370",
"refsource": "OSVDB",
"url": "http://osvdb.org/86370"
},
{
"name": "oval:org.mitre.oval:def:15827",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15827"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
},
{
"name": "56078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56078"
}
]
}
}

250
2012/5xxx/CVE-2012-5512.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121203 Xen Security Advisory 28 (CVE-2012-5512) - HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/03/7"
},
{
"name" : "http://support.citrix.com/article/CTX135777",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX135777"
},
{
"name" : "GLSA-201309-24",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name" : "SUSE-SU-2012:1615",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html"
},
{
"name" : "openSUSE-SU-2013:0133",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html"
},
{
"name" : "openSUSE-SU-2012:1685",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html"
},
{
"name" : "openSUSE-SU-2012:1687",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html"
},
{
"name" : "56799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56799"
},
{
"name" : "88132",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/88132"
},
{
"name" : "51397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51397"
},
{
"name" : "51486",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51486"
},
{
"name" : "51487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51487"
},
{
"name" : "55082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55082"
},
{
"name" : "xen-hvmopsetmemaccess-dos(80481)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55082"
},
{
"name": "openSUSE-SU-2013:0133",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00011.html"
},
{
"name": "56799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56799"
},
{
"name": "http://support.citrix.com/article/CTX135777",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX135777"
},
{
"name": "GLSA-201309-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "51397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51397"
},
{
"name": "[oss-security] 20121203 Xen Security Advisory 28 (CVE-2012-5512) - HVMOP_get_mem_access crash / HVMOP_set_mem_access information leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/03/7"
},
{
"name": "openSUSE-SU-2012:1685",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00018.html"
},
{
"name": "51486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51486"
},
{
"name": "51487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51487"
},
{
"name": "xen-hvmopsetmemaccess-dos(80481)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80481"
},
{
"name": "88132",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/88132"
},
{
"name": "openSUSE-SU-2012:1687",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00019.html"
},
{
"name": "SUSE-SU-2012:1615",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html"
}
]
}
}

140
2012/5xxx/CVE-2012-5674.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-5674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-25.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-25.html"
},
{
"name" : "87555",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/87555"
},
{
"name" : "adobe-coldfusion-unspec-dos(80139)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "87555",
"refsource": "OSVDB",
"url": "http://osvdb.org/87555"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-25.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-25.html"
},
{
"name": "adobe-coldfusion-unspec-dos(80139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80139"
}
]
}
}

34
2012/5xxx/CVE-2012-5716.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5716",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5716",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2012/5xxx/CVE-2012-5784.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name" : "RHSA-2013:0269",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0269.html"
},
{
"name" : "RHSA-2013:0683",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0683.html"
},
{
"name" : "RHSA-2014:0037",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0037.html"
},
{
"name" : "56408",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56408"
},
{
"name" : "51219",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51219"
},
{
"name" : "apache-axis-ssl-spoofing(79829)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79829"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0269",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0269.html"
},
{
"name": "RHSA-2014:0037",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0037.html"
},
{
"name": "51219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51219"
},
{
"name": "RHSA-2013:0683",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0683.html"
},
{
"name": "56408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56408"
},
{
"name": "apache-axis-ssl-spoofing(79829)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79829"
},
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
]
}
}

132
2017/11xxx/CVE-2017-11048.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00",
"ID" : "CVE-2017-11048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-10-02T00:00:00",
"ID": "CVE-2017-11048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-10-01"
},
{
"name" : "101160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-10-01"
},
{
"name": "101160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101160"
}
]
}
}

130
2017/11xxx/CVE-2017-11051.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-11051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-11051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-10-01"
},
{
"name" : "101160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, information disclosure is possible in function __wlan_hdd_cfg80211_testmode since buffer hb_params is not initialized to zero."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-10-01"
},
{
"name": "101160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101160"
}
]
}
}

120
2017/11xxx/CVE-2017-11131.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11131",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2017/Jul/90",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Jul/90"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for authentication. Moreover, only the first 32 bytes of the hash are used. This allows for easy dictionary and rainbow-table attacks if an attacker has access to the password hash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/90",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/90"
}
]
}
}

130
2017/11xxx/CVE-2017-11164.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2017/07/11/3",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/07/11/3"
},
{
"name" : "99575",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99575"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99575",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99575"
},
{
"name": "http://openwall.com/lists/oss-security/2017/07/11/3",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/07/11/3"
}
]
}
}

152
2017/3xxx/CVE-2017-3440.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3440",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Customer Interaction History",
"version" : {
"version_data" : [
{
"version_value" : "12.1.1"
},
{
"version_value" : "12.1.2"
},
{
"version_value" : "12.1.3"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Customer Interaction History",
"version": {
"version_data": [
{
"version_value": "12.1.1"
},
{
"version_value": "12.1.2"
},
{
"version_value": "12.1.3"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95497",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95497"
},
{
"name" : "1037639",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037639"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95497"
},
{
"name": "1037639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037639"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

248
2017/3xxx/CVE-2017-3526.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3526",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java SE: 6u141"
},
{
"version_affected" : "=",
"version_value" : "7u131"
},
{
"version_affected" : "=",
"version_value" : "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 6u141"
},
{
"version_affected": "=",
"version_value": "7u131"
},
{
"version_affected": "=",
"version_value": "8u121; Java SE Embedded: 8u121; JRockit: R28.3.13"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "DSA-3858",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3858"
},
{
"name" : "GLSA-201705-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-03"
},
{
"name" : "GLSA-201707-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201707-01"
},
{
"name" : "RHSA-2017:1108",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1108"
},
{
"name" : "RHSA-2017:1109",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1109"
},
{
"name" : "RHSA-2017:1117",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1117"
},
{
"name" : "RHSA-2017:1118",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1118"
},
{
"name" : "RHSA-2017:1119",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1119"
},
{
"name" : "RHSA-2017:1204",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1204"
},
{
"name" : "97733",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97733"
},
{
"name" : "1038286",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038286"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201705-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-03"
},
{
"name": "RHSA-2017:1117",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1117"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "RHSA-2017:1109",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1109"
},
{
"name": "1038286",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038286"
},
{
"name": "DSA-3858",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3858"
},
{
"name": "RHSA-2017:1108",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1108"
},
{
"name": "RHSA-2017:1204",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1204"
},
{
"name": "97733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97733"
},
{
"name": "RHSA-2017:1118",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1118"
},
{
"name": "GLSA-201707-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-01"
},
{
"name": "RHSA-2017:1119",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1119"
}
]
}
}

152
2017/3xxx/CVE-2017-3638.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3638",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "5.7.18 and earlier"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.18 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "RHSA-2017:2886",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name" : "99778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99778"
},
{
"name" : "1038928",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99778"
},
{
"name": "1038928",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038928"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

170
2017/7xxx/CVE-2017-7149.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7149",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"StorageKit\" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79",
"refsource" : "MISC",
"url" : "https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79"
},
{
"name" : "https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/",
"refsource" : "MISC",
"url" : "https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/"
},
{
"name" : "https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/",
"refsource" : "MISC",
"url" : "https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/"
},
{
"name" : "https://support.apple.com/HT208165",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208165"
},
{
"name" : "101178",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101178"
},
{
"name" : "1039513",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039513"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.13 Supplemental Update is affected. The issue involves the \"StorageKit\" component. It allows attackers to discover passwords for APFS encrypted volumes by reading Disk Utility hints, because the stored hint value was accidentally set to the password itself, not the entered hint value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79",
"refsource": "MISC",
"url": "https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79"
},
{
"name": "https://support.apple.com/HT208165",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208165"
},
{
"name": "1039513",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039513"
},
{
"name": "https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/",
"refsource": "MISC",
"url": "https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/"
},
{
"name": "101178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101178"
},
{
"name": "https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/",
"refsource": "MISC",
"url": "https://nakedsecurity.sophos.com/2017/10/05/urgent-update-your-mac-again-right-now/"
}
]
}
}

130
2017/7xxx/CVE-2017-7381.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference"
},
{
"name" : "97296",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/03/31/podofo-four-null-pointer-dereference"
},
{
"name": "97296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97296"
}
]
}
}

34
2017/7xxx/CVE-2017-7573.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7573",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7573",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2017/8xxx/CVE-2017-8126.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "UMA",
"version" : {
"version_data" : [
{
"version_value" : "V200R001"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "privilege elevation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UMA",
"version": {
"version_data": [
{
"version_value": "V200R001"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
}

120
2017/8xxx/CVE-2017-8377.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/semplon/GeniXCMS/issues/72",
"refsource" : "MISC",
"url" : "https://github.com/semplon/GeniXCMS/issues/72"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/semplon/GeniXCMS/issues/72",
"refsource": "MISC",
"url": "https://github.com/semplon/GeniXCMS/issues/72"
}
]
}
}

34
2017/8xxx/CVE-2017-8430.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8430",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8430",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/8xxx/CVE-2017-8529.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Internet Explorer",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka \"Microsoft Browser Information Disclosure Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529"
},
{
"name" : "98953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98953"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka \"Microsoft Browser Information Disclosure Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98953"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529"
}
]
}
}

142
2017/8xxx/CVE-2017-8949.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-06-27T00:00:00",
"ID" : "CVE-2017-8949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SiteScope",
"version" : {
"version_data" : [
{
"version_value" : "v11.2x, v11.3x"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Disclosure of Sensitive Information"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-06-27T00:00:00",
"ID": "CVE-2017-8949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiteScope",
"version": {
"version_data": [
{
"version_value": "v11.2x, v11.3x"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us"
},
{
"name" : "99331",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99331"
},
{
"name" : "1038791",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Disclosure of Sensitive Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038791"
},
{
"name": "99331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99331"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03763en_us"
}
]
}
}

130
2018/10xxx/CVE-2018-10259.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10259",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44538",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44538/"
},
{
"name" : "http://packetstormsecurity.com/files/147383/HRSALE-The-Ultimate-HRM-1.0.2-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/147383/HRSALE-The-Ultimate-HRM-1.0.2-Cross-Site-Scripting.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/147383/HRSALE-The-Ultimate-HRM-1.0.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147383/HRSALE-The-Ultimate-HRM-1.0.2-Cross-Site-Scripting.html"
},
{
"name": "44538",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44538/"
}
]
}
}

120
2018/10xxx/CVE-2018-10295.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/chemcms/ChemCMS/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/chemcms/ChemCMS/issues/1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add an administrator account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chemcms/ChemCMS/issues/1",
"refsource": "MISC",
"url": "https://github.com/chemcms/ChemCMS/issues/1"
}
]
}
}

34
2018/10xxx/CVE-2018-10418.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10418",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10418",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2018/10xxx/CVE-2018-10616.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-07-17T00:00:00",
"ID" : "CVE-2018-10616",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ABB Panel Builder 800",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "ABB"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER INPUT VALIDATION CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-07-17T00:00:00",
"ID": "CVE-2018-10616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ABB Panel Builder 800",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "ABB"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01"
},
{
"name" : "http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch",
"refsource" : "CONFIRM",
"url" : "http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch"
},
{
"name" : "104882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ABB Panel Builder 800 all versions has an improper input validation vulnerability which may allow an attacker to insert and run arbitrary code on a computer where the affected product is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-198-01"
},
{
"name": "104882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104882"
},
{
"name": "http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch",
"refsource": "CONFIRM",
"url": "http://search-ext.abb.com/library/Download.aspx?DocumentID=3BSE092089&Action=Launch"
}
]
}
}

120
2018/12xxx/CVE-2018-12078.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://peckshield.com/2018/06/11/tradeTrap/",
"refsource" : "MISC",
"url" : "https://peckshield.com/2018/06/11/tradeTrap/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for PolyAI (AI), a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the \"tradeTrap\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://peckshield.com/2018/06/11/tradeTrap/",
"refsource": "MISC",
"url": "https://peckshield.com/2018/06/11/tradeTrap/"
}
]
}
}

34
2018/12xxx/CVE-2018-12091.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12091",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12091",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/12xxx/CVE-2018-12817.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html"
},
{
"name" : "106472",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106472"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html"
},
{
"name": "106472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106472"
}
]
}
}

140
2018/12xxx/CVE-2018-12878.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader",
"version" : {
"version_data" : [
{
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader",
"version": {
"version_data": [
{
"version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name" : "105439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105439"
},
{
"name" : "1041809",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "105439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105439"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
}
]
}
}

140
2018/13xxx/CVE-2018-13054.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180713 [SECURITY] [DLA-1420-1] cinnamon security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00011.html"
},
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1083067",
"refsource" : "MISC",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1083067"
},
{
"name" : "https://github.com/linuxmint/Cinnamon/pull/7683",
"refsource" : "MISC",
"url" : "https://github.com/linuxmint/Cinnamon/pull/7683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1083067",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1083067"
},
{
"name": "https://github.com/linuxmint/Cinnamon/pull/7683",
"refsource": "MISC",
"url": "https://github.com/linuxmint/Cinnamon/pull/7683"
},
{
"name": "[debian-lts-announce] 20180713 [SECURITY] [DLA-1420-1] cinnamon security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00011.html"
}
]
}
}

130
2018/13xxx/CVE-2018-13634.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MediaCubeToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MediaCubeToken"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for MediaCubeToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MediaCubeToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MediaCubeToken"
}
]
}
}

34
2018/13xxx/CVE-2018-13937.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13937",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13937",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/17xxx/CVE-2018-17015.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_11/README.md",
"refsource" : "MISC",
"url" : "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_11/README.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_11/README.md",
"refsource": "MISC",
"url": "https://github.com/PAGalaxyLab/VulInfo/blob/master/TP-Link/WR886N/inetd_task_dos_11/README.md"
}
]
}
}

130
2018/17xxx/CVE-2018-17128.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45449",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45449/"
},
{
"name" : "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/",
"refsource" : "MISC",
"url" : "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Persistent XSS issue was discovered in the Visual Editor in MyBB before 1.8.19 via a Video MyCode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/",
"refsource": "MISC",
"url": "https://blog.mybb.com/2018/09/11/mybb-1-8-19-released-security-maintenance-release/"
},
{
"name": "45449",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45449/"
}
]
}
}

130
2018/17xxx/CVE-2018-17394.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45478",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45478/"
},
{
"name" : "http://packetstormsecurity.com/files/149534/Joomla-Timetable-Schedule-3.6.8-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149534/Joomla-Timetable-Schedule-3.6.8-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45478",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45478/"
},
{
"name": "http://packetstormsecurity.com/files/149534/Joomla-Timetable-Schedule-3.6.8-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149534/Joomla-Timetable-Schedule-3.6.8-SQL-Injection.html"
}
]
}
}

34
2018/17xxx/CVE-2018-17399.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17399",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17399",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}