admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:11:59 +00:00
parent 10fcfcfb27
commit 32b4560fcc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3265 additions and 3265 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2002/0xxx/CVE-2002-0196.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/251699"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=144966",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=144966"
},
{
"name" : "3924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3924"
},
{
"name" : "cwpapi-getrelativepath-view-files(7981)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7981.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3924"
},
{
"name": "cwpapi-getrelativepath-view-files(7981)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7981.php"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=144966",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=144966"
},
{
"name": "20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/251699"
}
]
}
}

160
2002/0xxx/CVE-2002-0789.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0789",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020511 Bug in mnogosearch-3.1.19",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html"
},
{
"name" : "http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz",
"refsource" : "CONFIRM",
"url" : "http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz"
},
{
"name" : "http://www.mnogosearch.org/history.html#log31",
"refsource" : "MISC",
"url" : "http://www.mnogosearch.org/history.html#log31"
},
{
"name" : "4724",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4724"
},
{
"name" : "mnogosearch-search-cgi-bo(9060)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9060.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4724"
},
{
"name": "mnogosearch-search-cgi-bo(9060)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9060.php"
},
{
"name": "http://www.mnogosearch.org/history.html#log31",
"refsource": "MISC",
"url": "http://www.mnogosearch.org/history.html#log31"
},
{
"name": "http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz",
"refsource": "CONFIRM",
"url": "http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz"
},
{
"name": "20020511 Bug in mnogosearch-3.1.19",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html"
}
]
}
}

120
2002/0xxx/CVE-2002-0825.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.padl.com/Articles/PotentialBufferOverflowin.html",
"refsource" : "CONFIRM",
"url" : "http://www.padl.com/Articles/PotentialBufferOverflowin.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.padl.com/Articles/PotentialBufferOverflowin.html",
"refsource": "CONFIRM",
"url": "http://www.padl.com/Articles/PotentialBufferOverflowin.html"
}
]
}
}

140
2002/2xxx/CVE-2002-2256.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021127 pWins Perl Web Server Directory Transversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0347.html"
},
{
"name" : "6271",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6271"
},
{
"name" : "pwins-dotdot-directory-traversal(10724)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10724"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier allows remote attackers to read arbitrary files via Unicode characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021127 pWins Perl Web Server Directory Transversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0347.html"
},
{
"name": "pwins-dotdot-directory-traversal(10724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10724"
},
{
"name": "6271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6271"
}
]
}
}

140
2002/2xxx/CVE-2002-2259.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2259",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SuSE-SA:2002:047",
"refsource" : "SUSE",
"url" : "http://www.suse.com/de/security/2002_047_openldap2.html"
},
{
"name" : "6329",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6329"
},
{
"name" : "gnuplot-french-documentation-bo(10801)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gnuplot-french-documentation-bo(10801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10801"
},
{
"name": "6329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6329"
},
{
"name": "SuSE-SA:2002:047",
"refsource": "SUSE",
"url": "http://www.suse.com/de/security/2002_047_openldap2.html"
}
]
}
}

150
2005/0xxx/CVE-2005-0478.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0478",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050218 Multiple vulnerabilities in TrackerCam 5.12",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/390918"
},
{
"name" : "12592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12592"
},
{
"name" : "trackercam-php-bo(19411)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19411"
},
{
"name" : "trackercam-useragent-bo(19409)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19409"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "trackercam-useragent-bo(19409)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19409"
},
{
"name": "20050218 Multiple vulnerabilities in TrackerCam 5.12",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/390918"
},
{
"name": "trackercam-php-bo(19411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19411"
},
{
"name": "12592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12592"
}
]
}
}

140
2005/0xxx/CVE-2005-0783.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050313 3 XSS Vulnerabilities in Phorum <= 5.0.14",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111083279031544&w=2"
},
{
"name" : "12800",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12800"
},
{
"name" : "14554",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14554"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12800"
},
{
"name": "14554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14554"
},
{
"name": "20050313 3 XSS Vulnerabilities in Phorum <= 5.0.14",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111083279031544&w=2"
}
]
}
}

170
2005/1xxx/CVE-2005-1082.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050409 AzDGDatingPlatinum multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/395530"
},
{
"name" : "20060628 AzDGDatingPlatinum<<--v1.1.0 \"view.php\" SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/438607/100/100/threaded"
},
{
"name" : "13082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13082"
},
{
"name" : "15525",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15525"
},
{
"name" : "azdgdating-platinum-sql-injection(20051)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20051"
},
{
"name" : "azdgdatingplatinum-view-sql-injection(27436)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27436"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050409 AzDGDatingPlatinum multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/395530"
},
{
"name": "20060628 AzDGDatingPlatinum<<--v1.1.0 \"view.php\" SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438607/100/100/threaded"
},
{
"name": "13082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13082"
},
{
"name": "azdgdating-platinum-sql-injection(20051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20051"
},
{
"name": "15525",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15525"
},
{
"name": "azdgdatingplatinum-view-sql-injection(27436)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27436"
}
]
}
}

170
2005/1xxx/CVE-2005-1131.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1131",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but \"critical\" impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040413 Patch available for critical Veritas i3 Server vulnerability",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0008.html"
},
{
"name" : "http://seer.support.veritas.com/docs/276119.htm",
"refsource" : "MISC",
"url" : "http://seer.support.veritas.com/docs/276119.htm"
},
{
"name" : "13142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13142"
},
{
"name" : "15498",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15498"
},
{
"name" : "1013694",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013694"
},
{
"name" : "14934",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14934"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but \"critical\" impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14934",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14934"
},
{
"name": "15498",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15498"
},
{
"name": "20040413 Patch available for critical Veritas i3 Server vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0008.html"
},
{
"name": "1013694",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013694"
},
{
"name": "http://seer.support.veritas.com/docs/276119.htm",
"refsource": "MISC",
"url": "http://seer.support.veritas.com/docs/276119.htm"
},
{
"name": "13142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13142"
}
]
}
}

130
2005/1xxx/CVE-2005-1488.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050504 Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111530933016434&w=2"
},
{
"name" : "merak-icewarp-script-xss(20467)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050504 Multiple vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111530933016434&w=2"
},
{
"name": "merak-icewarp-script-xss(20467)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20467"
}
]
}
}

150
2005/1xxx/CVE-2005-1496.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1496",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050505 Oracle 10g DBMS_SCHEDULER SESSION_USER issue",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111531740305049&w=2"
},
{
"name" : "http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html"
},
{
"name" : "13509",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13509"
},
{
"name" : "oracle10g-gain-privileges(20410)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20410"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html"
},
{
"name": "20050505 Oracle 10g DBMS_SCHEDULER SESSION_USER issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111531740305049&w=2"
},
{
"name": "13509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13509"
},
{
"name": "oracle10g-gain-privileges(20410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20410"
}
]
}
}

170
2005/1xxx/CVE-2005-1663.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with \"://\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securiteam.com/windowsntfocus/5JP011PEKY.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/5JP011PEKY.html"
},
{
"name" : "12183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12183"
},
{
"name" : "12719",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12719"
},
{
"name" : "13732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13732"
},
{
"name" : "1012791",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012791"
},
{
"name" : "jeuce-url-dos(18791)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with \"://\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/windowsntfocus/5JP011PEKY.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5JP011PEKY.html"
},
{
"name": "12719",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12719"
},
{
"name": "12183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12183"
},
{
"name": "jeuce-url-dos(18791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18791"
},
{
"name": "13732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13732"
},
{
"name": "1012791",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012791"
}
]
}
}

270
2009/0xxx/CVE-2009-0550.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a \"credential-reflection protections\" opt-in step, aka \"Windows HTTP Services Credential Reflection Vulnerability\" and \"WinINet Credential Reflection Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
},
{
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138",
"refsource" : "CONFIRM",
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138"
},
{
"name" : "MS09-013",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013"
},
{
"name" : "MS09-014",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name" : "TA09-104A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name" : "34439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34439"
},
{
"name" : "53619",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53619"
},
{
"name" : "oval:org.mitre.oval:def:5320",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320"
},
{
"name" : "oval:org.mitre.oval:def:6233",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233"
},
{
"name" : "oval:org.mitre.oval:def:7569",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569"
},
{
"name" : "1022041",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022041"
},
{
"name" : "34677",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34677"
},
{
"name" : "34678",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34678"
},
{
"name" : "ADV-2009-1027",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1027"
},
{
"name" : "ADV-2009-1028",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1028"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a \"credential-reflection protections\" opt-in step, aka \"Windows HTTP Services Credential Reflection Vulnerability\" and \"WinINet Credential Reflection Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1028",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"name": "53619",
"refsource": "OSVDB",
"url": "http://osvdb.org/53619"
},
{
"name": "34677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34677"
},
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "1022041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022041"
},
{
"name": "34678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34678"
},
{
"name": "oval:org.mitre.oval:def:6233",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6233"
},
{
"name": "oval:org.mitre.oval:def:7569",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7569"
},
{
"name": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/srd/archive/2009/04/14/ntlm-credential-reflection-updates-for-http-clients.aspx"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138"
},
{
"name": "34439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34439"
},
{
"name": "MS09-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name": "oval:org.mitre.oval:def:5320",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5320"
},
{
"name": "ADV-2009-1027",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1027"
},
{
"name": "MS09-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
}
]
}
}

170
2009/0xxx/CVE-2009-0673.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0673",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500988/100/0/threaded"
},
{
"name" : "8068",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8068"
},
{
"name" : "http://www.waraxe.us/advisory-72.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-72.html"
},
{
"name" : "http://ravenphpscripts.com/postt17156.html",
"refsource" : "CONFIRM",
"url" : "http://ravenphpscripts.com/postt17156.html"
},
{
"name" : "33787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33787"
},
{
"name" : "ravennuke-admin-code-execution(48790)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48790"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33787"
},
{
"name": "http://ravenphpscripts.com/postt17156.html",
"refsource": "CONFIRM",
"url": "http://ravenphpscripts.com/postt17156.html"
},
{
"name": "ravennuke-admin-code-execution(48790)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48790"
},
{
"name": "20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500988/100/0/threaded"
},
{
"name": "8068",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8068"
},
{
"name": "http://www.waraxe.us/advisory-72.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-72.html"
}
]
}
}

170
2009/0xxx/CVE-2009-0869.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21329223",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21329223"
},
{
"name" : "IC59481",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC59481"
},
{
"name" : "34034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34034"
},
{
"name" : "1021820",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021820"
},
{
"name" : "34189",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34189"
},
{
"name" : "ADV-2009-0638",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM 5.3.2.0 through 5.3.5.0, 5.4.0.0 through 5.4.2.5, and 5.5.0.0 through 5.5.1.4 on Windows allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021820",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021820"
},
{
"name": "34189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34189"
},
{
"name": "IC59481",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC59481"
},
{
"name": "ADV-2009-0638",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0638"
},
{
"name": "34034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34034"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21329223",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21329223"
}
]
}
}

150
2009/1xxx/CVE-2009-1006.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name" : "TA09-105A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name" : "34461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34461"
},
{
"name" : "1022059",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022059"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.2 and earlier, with SDK/JRE 1.4.2, JRE/JDK 5, and JRE/JDK 6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022059",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022059"
},
{
"name": "34461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
]
}
}

140
2009/1xxx/CVE-2009-1667.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8660",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8660"
},
{
"name" : "8661",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8661"
},
{
"name" : "8662",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8662"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long entry in a .m3u file, a different vector than CVE-2009-5137."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8661",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8661"
},
{
"name": "8660",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8660"
},
{
"name": "8662",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8662"
}
]
}
}

150
2009/1xxx/CVE-2009-1784.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090509 [TZO-20-2009] AVG ZIP evasion / bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503392/100/0/threaded"
},
{
"name" : "http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html",
"refsource" : "MISC",
"url" : "http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html"
},
{
"name" : "34895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34895"
},
{
"name" : "avg-zip-security-bypass(50426)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition f\u00fcr Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html",
"refsource": "MISC",
"url": "http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html"
},
{
"name": "avg-zip-security-bypass(50426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50426"
},
{
"name": "20090509 [TZO-20-2009] AVG ZIP evasion / bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503392/100/0/threaded"
},
{
"name": "34895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34895"
}
]
}
}

300
2009/1xxx/CVE-2009-1834.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \\u115A through \\u115E characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-25.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-25.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479413",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479413"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=503573",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=503573"
},
{
"name" : "DSA-1820",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1820"
},
{
"name" : "FEDORA-2009-6366",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html"
},
{
"name" : "FEDORA-2009-6411",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html"
},
{
"name" : "RHSA-2009:1095",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1095.html"
},
{
"name" : "SSA:2009-167-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468"
},
{
"name" : "264308",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
},
{
"name" : "35326",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35326"
},
{
"name" : "35388",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35388"
},
{
"name" : "55162",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55162"
},
{
"name" : "oval:org.mitre.oval:def:10436",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10436"
},
{
"name" : "35331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35331"
},
{
"name" : "35431",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35431"
},
{
"name" : "35439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35439"
},
{
"name" : "35468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35468"
},
{
"name" : "35415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35415"
},
{
"name" : "ADV-2009-1572",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \\u115A through \\u115E characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1572"
},
{
"name": "35388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35388"
},
{
"name": "oval:org.mitre.oval:def:10436",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10436"
},
{
"name": "35326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35326"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-25.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-25.html"
},
{
"name": "FEDORA-2009-6411",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html"
},
{
"name": "35431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35431"
},
{
"name": "35331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35331"
},
{
"name": "35468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35468"
},
{
"name": "35439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35439"
},
{
"name": "FEDORA-2009-6366",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html"
},
{
"name": "35415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35415"
},
{
"name": "RHSA-2009:1095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1095.html"
},
{
"name": "SSA:2009-167-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468"
},
{
"name": "55162",
"refsource": "OSVDB",
"url": "http://osvdb.org/55162"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=479413",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=479413"
},
{
"name": "DSA-1820",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1820"
},
{
"name": "264308",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=503573",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503573"
}
]
}
}

300
2012/2xxx/CVE-2012-2311.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2311",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/",
"refsource" : "MISC",
"url" : "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
},
{
"name" : "http://www.php.net/ChangeLog-5.php#5.4.3",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php#5.4.3"
},
{
"name" : "http://www.php.net/archive/2012.php#id2012-05-08-1",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/archive/2012.php#id2012-05-08-1"
},
{
"name" : "https://bugs.php.net/bug.php?id=61910",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=61910"
},
{
"name" : "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1"
},
{
"name" : "http://support.apple.com/kb/HT5501",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5501"
},
{
"name" : "APPLE-SA-2012-09-19-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name" : "DSA-2465",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2465"
},
{
"name" : "HPSBUX02791",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134012830914727&w=2"
},
{
"name" : "SSRT100856",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134012830914727&w=2"
},
{
"name" : "HPSBMU02900",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name" : "SSRT100992",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name" : "openSUSE-SU-2012:0590",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"
},
{
"name" : "SUSE-SU-2012:0598",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
},
{
"name" : "SUSE-SU-2012:0604",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
},
{
"name" : "VU#520827",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/520827"
},
{
"name" : "1027022",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027022"
},
{
"name" : "49014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49014"
},
{
"name" : "49085",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49085"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100856",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"
},
{
"name": "SUSE-SU-2012:0604",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"
},
{
"name": "1027022",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027022"
},
{
"name": "openSUSE-SU-2012:0590",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"
},
{
"name": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1"
},
{
"name": "49014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49014"
},
{
"name": "SUSE-SU-2012:0598",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"
},
{
"name": "https://bugs.php.net/bug.php?id=61910",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=61910"
},
{
"name": "http://www.php.net/archive/2012.php#id2012-05-08-1",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
},
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "SSRT100992",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/",
"refsource": "MISC",
"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
},
{
"name": "VU#520827",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/520827"
},
{
"name": "HPSBUX02791",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134012830914727&w=2"
},
{
"name": "DSA-2465",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2465"
},
{
"name": "49085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49085"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.4.3",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.4.3"
}
]
}
}

34
2012/3xxx/CVE-2012-3083.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3083",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3083",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2012/3xxx/CVE-2012-3639.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3639",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
},
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}

200
2012/3xxx/CVE-2012-3659.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5502",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5502"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2012-09-19-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name" : "55534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55534"
},
{
"name" : "oval:org.mitre.oval:def:17562",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17562"
},
{
"name" : "apple-itunes-webkit-cve20123659(78515)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78515"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "apple-itunes-webkit-cve20123659(78515)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78515"
},
{
"name": "http://support.apple.com/kb/HT5502",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5502"
},
{
"name": "55534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55534"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:17562",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17562"
}
]
}
}

34
2012/4xxx/CVE-2012-4120.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4120",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-4120",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

150
2012/4xxx/CVE-2012-4173.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-4173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-23.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-23.html"
},
{
"name" : "VU#872545",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/872545"
},
{
"name" : "86538",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86538"
},
{
"name" : "adobe-cve20124173-bo(79545)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79545"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "adobe-cve20124173-bo(79545)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79545"
},
{
"name": "VU#872545",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/872545"
},
{
"name": "86538",
"refsource": "OSVDB",
"url": "http://osvdb.org/86538"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-23.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-23.html"
}
]
}
}

360
2012/4xxx/CVE-2012-4540.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
"refsource" : "MLIST",
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
},
{
"name" : "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/07/5"
},
{
"name" : "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
"refsource" : "MLIST",
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=869040",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
},
{
"name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS",
"refsource" : "CONFIRM",
"url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
},
{
"name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f",
"refsource" : "CONFIRM",
"url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
},
{
"name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe",
"refsource" : "CONFIRM",
"url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1007960",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
},
{
"name" : "DSA-2768",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2768"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "MDVSA-2012:171",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
},
{
"name" : "RHSA-2012:1434",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
},
{
"name" : "openSUSE-SU-2012:1524",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
},
{
"name" : "openSUSE-SU-2013:0174",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
},
{
"name" : "openSUSE-SU-2013:1509",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
},
{
"name" : "openSUSE-SU-2013:1511",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
},
{
"name" : "openSUSE-SU-2015:1595",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
},
{
"name" : "USN-1625-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1625-1"
},
{
"name" : "56434",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56434"
},
{
"name" : "62426",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62426"
},
{
"name" : "1027738",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027738"
},
{
"name" : "51206",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51206"
},
{
"name" : "51220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51220"
},
{
"name" : "51374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51374"
},
{
"name" : "icedtea-applet-bo(79894)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary code via a crafted webpage that triggers a heap-based buffer overflow, related to an error message and a \"triggering event attached to applet.\" NOTE: the 1.4.x versions were originally associated with CVE-2013-4349, but that entry has been MERGED with this one."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.1/file/d759ec560073/NEWS"
},
{
"name": "DSA-2768",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2768"
},
{
"name": "openSUSE-SU-2015:1595",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/596a718be03f"
},
{
"name": "56434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56434"
},
{
"name": "RHSA-2012:1434",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1434.html"
},
{
"name": "[distro-pkg-dev] 20121107 IcedTea-Web 1.1.7, 1.2.2 and 1.3.1 [security releases] released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html"
},
{
"name": "51220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51220"
},
{
"name": "openSUSE-SU-2013:1511",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html"
},
{
"name": "icedtea-applet-bo(79894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79894"
},
{
"name": "51374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51374"
},
{
"name": "1027738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027738"
},
{
"name": "USN-1625-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1625-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=869040",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=869040"
},
{
"name": "openSUSE-SU-2013:1509",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html"
},
{
"name": "[distro-pkg-dev] 20130919 IcedTea-Web 1.4.1 released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html"
},
{
"name": "51206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51206"
},
{
"name": "openSUSE-SU-2012:1524",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html"
},
{
"name": "62426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62426"
},
{
"name": "[oss-security] 20121107 IcedTea-Web CVE-2012-4540",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/5"
},
{
"name": "MDVSA-2012:171",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:171"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007960"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.3/rev/e7970f3da5fe"
},
{
"name": "openSUSE-SU-2013:0174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html"
}
]
}
}

34
2012/4xxx/CVE-2012-4916.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4916",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4916",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/6xxx/CVE-2012-6006.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6006",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6006",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/6xxx/CVE-2012-6419.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6419",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6419",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

160
2012/6xxx/CVE-2012-6626.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6626",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120511 b2ePMS 1.0 Authentication Bypass Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-05/0065.html"
},
{
"name" : "18882",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18882"
},
{
"name" : "53505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53505"
},
{
"name" : "b2epms-verifyuser-authentication-bypass(75569)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75569"
},
{
"name" : "b2epms-verifyuser-sql-injection(75568)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75568"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53505"
},
{
"name": "b2epms-verifyuser-sql-injection(75568)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75568"
},
{
"name": "18882",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18882"
},
{
"name": "b2epms-verifyuser-authentication-bypass(75569)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75569"
},
{
"name": "20120511 b2ePMS 1.0 Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0065.html"
}
]
}
}

34
2017/2xxx/CVE-2017-2291.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2291",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2291",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

240
2017/2xxx/CVE-2017-2666.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2017-2666",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "undertow",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-444"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "undertow",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666"
},
{
"name" : "DSA-3906",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3906"
},
{
"name" : "RHSA-2017:1409",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
},
{
"name" : "RHSA-2017:1410",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1410"
},
{
"name" : "RHSA-2017:1411",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1411"
},
{
"name" : "RHSA-2017:1412",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1412"
},
{
"name" : "RHSA-2017:3454",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3454"
},
{
"name" : "RHSA-2017:3455",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name" : "RHSA-2017:3456",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name" : "RHSA-2017:3458",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name" : "98966",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1411",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1411"
},
{
"name": "RHSA-2017:1409",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-1409.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666"
},
{
"name": "DSA-3906",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3906"
},
{
"name": "RHSA-2017:3458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3458"
},
{
"name": "RHSA-2017:1410",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1410"
},
{
"name": "RHSA-2017:1412",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1412"
},
{
"name": "RHSA-2017:3455",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3455"
},
{
"name": "RHSA-2017:3456",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3456"
},
{
"name": "98966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98966"
},
{
"name": "RHSA-2017:3454",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3454"
}
]
}
}

150
2017/2xxx/CVE-2017-2967.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-2967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-2967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-031",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-031"
},
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
},
{
"name" : "95345",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95345"
},
{
"name" : "1037574",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037574"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-17-031",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-031"
},
{
"name": "95345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95345"
},
{
"name": "1037574",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037574"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
}
]
}
}

34
2017/6xxx/CVE-2017-6234.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6234",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6234",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2017/6xxx/CVE-2017-6834.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/03/13/6"
},
{
"name" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/"
},
{
"name" : "https://github.com/mpruett/audiofile/issues/38",
"refsource" : "MISC",
"url" : "https://github.com/mpruett/audiofile/issues/38"
},
{
"name" : "https://github.com/mpruett/audiofile/pull/42",
"refsource" : "MISC",
"url" : "https://github.com/mpruett/audiofile/pull/42"
},
{
"name" : "DSA-3814",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3814"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mpruett/audiofile/pull/42",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "[oss-security] 20170313 Re: audiofile: heap-based buffer overflow in ulaw2linear_buf (G711.cpp)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/6"
},
{
"name": "https://github.com/mpruett/audiofile/issues/38",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/38"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/"
}
]
}
}

130
2018/11xxx/CVE-2018-11439.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180528 taglib 1.11.1 vuln",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/49"
},
{
"name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1430-1] taglib security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00022.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1430-1] taglib security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00022.html"
},
{
"name": "20180528 taglib 1.11.1 vuln",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/49"
}
]
}
}

34
2018/11xxx/CVE-2018-11662.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11662",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11662",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/11xxx/CVE-2018-11772.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11772",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11772",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/11xxx/CVE-2018-11909.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which presents a potential issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper access control can lead to device node and executable to be run from /cache/ which presents a potential issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=ecd2fb4ab9e2a6851add554af03cebe337345c44"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}

34
2018/14xxx/CVE-2018-14092.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14092",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14092",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/14xxx/CVE-2018-14125.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14125",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14125",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2018/14xxx/CVE-2018-14820.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-10-23T00:00:00",
"ID" : "CVE-2018-14820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Advantech WebAccess",
"version" : {
"version_data" : [
{
"version_value" : "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name" : "Advantech"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-14820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name" : "105728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105728"
},
{
"name" : "1041939",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041939"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041939"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name": "105728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105728"
}
]
}
}

34
2018/14xxx/CVE-2018-14880.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14880",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14880",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15238.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15238",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15238",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/15xxx/CVE-2018-15319.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"ID" : "CVE-2018-15319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version" : {
"version_data" : [
{
"version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2018-15319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version": {
"version_data": [
{
"version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.1.1, 12.1.0-12.1.3.6"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K64208870",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K64208870"
},
{
"name" : "107052",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107052"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107052"
},
{
"name": "https://support.f5.com/csp/article/K64208870",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K64208870"
}
]
}
}

120
2018/15xxx/CVE-2018-15573.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated \"We do not consider this a vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/",
"refsource" : "MISC",
"url" : "https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated \"We do not consider this a vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/",
"refsource": "MISC",
"url": "https://bittherapy.net/rce-with-arbitrary-file-write-and-xss-in-reprise-license-manager/"
}
]
}
}

34
2018/15xxx/CVE-2018-15794.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15794",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-15794",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

120
2018/15xxx/CVE-2018-15870.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/libming/libming/issues/122",
"refsource" : "MISC",
"url" : "https://github.com/libming/libming/issues/122"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libming/libming/issues/122",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/122"
}
]
}
}

120
2018/20xxx/CVE-2018-20609.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2",
"refsource" : "MISC",
"url" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure2"
}
]
}
}

132
2018/8xxx/CVE-2018-8030.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-06-18T00:00:00",
"ID" : "CVE-2018-8030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Qpid Broker-J",
"version" : {
"version_data" : [
{
"version_value" : "7.0.0, 7.0.1, 7.0.2, 7.0.3"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-06-18T00:00:00",
"ID": "CVE-2018-8030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Qpid Broker-J",
"version": {
"version_data": [
{
"version_value": "7.0.0, 7.0.1, 7.0.2, 7.0.3"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876@%3Cusers.qpid.apache.org%3E"
},
{
"name" : "1041138",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041138"
},
{
"name": "[qpid-users] 20180618 [SECURITY] [CVE-2018-8030] Apache Qpid Broker-J Denial of Service Vulnerability when AMQP 0-8...0-91 messages",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/1089a4f351a1bdca0618199e53bceeec59a10bf4e3008018d6949876@%3Cusers.qpid.apache.org%3E"
}
]
}
}