admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:04:34 +00:00
parent 6beaf9c730
commit 3aef721bca
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3982 additions and 3982 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2002/0xxx/CVE-2002-0102.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of \".\" characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://otn.oracle.com/deploy/security/pdf/webcache2.pdf",
"refsource" : "CONFIRM",
"url" : "http://otn.oracle.com/deploy/security/pdf/webcache2.pdf"
},
{
"name" : "3760",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3760"
},
{
"name" : "3762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3762"
},
{
"name" : "oracle-appserver-null-dos(7765)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7765"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of \".\" characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3760"
},
{
"name": "oracle-appserver-null-dos(7765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7765"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/webcache2.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/webcache2.pdf"
},
{
"name": "3762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3762"
}
]
}
}

150
2002/0xxx/CVE-2002-0900.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020524 pks public key server DOS and remote execution",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/274107"
},
{
"name" : "http://www.rubin.ch/pgp/src/patch_buffoverflow20020525",
"refsource" : "CONFIRM",
"url" : "http://www.rubin.ch/pgp/src/patch_buffoverflow20020525"
},
{
"name" : "4828",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4828"
},
{
"name" : "pgp-pks-search-bo(9171)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9171.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rubin.ch/pgp/src/patch_buffoverflow20020525",
"refsource": "CONFIRM",
"url": "http://www.rubin.ch/pgp/src/patch_buffoverflow20020525"
},
{
"name": "pgp-pks-search-bo(9171)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9171.php"
},
{
"name": "20020524 pks public key server DOS and remote execution",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/274107"
},
{
"name": "4828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4828"
}
]
}
}

140
2002/0xxx/CVE-2002-0976.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020817 Internet explorer can read local files",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102960731805373&w=2"
},
{
"name" : "5490",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5490"
},
{
"name" : "ie-xml-read-files(9885)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9885.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020817 Internet explorer can read local files",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102960731805373&w=2"
},
{
"name": "ie-xml-read-files(9885)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9885.php"
},
{
"name": "5490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5490"
}
]
}
}

210
2002/1xxx/CVE-2002-1369.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104032149026670&w=2"
},
{
"name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html"
},
{
"name" : "http://www.idefense.com/advisory/12.19.02.txt",
"refsource" : "MISC",
"url" : "http://www.idefense.com/advisory/12.19.02.txt"
},
{
"name" : "CLSA-2003:702",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702"
},
{
"name" : "DSA-232",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-232"
},
{
"name" : "MDKSA-2003:001",
"refsource" : "MANDRAKE",
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001"
},
{
"name" : "RHSA-2002:295",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-295.html"
},
{
"name" : "SuSE-SA:2003:002",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2003_002_cups.html"
},
{
"name" : "6438",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6438"
},
{
"name" : "cups-strncat-options-bo(10910)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10910"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html"
},
{
"name": "CLSA-2003:702",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702"
},
{
"name": "DSA-232",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-232"
},
{
"name": "SuSE-SA:2003:002",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html"
},
{
"name": "http://www.idefense.com/advisory/12.19.02.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/12.19.02.txt"
},
{
"name": "RHSA-2002:295",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-295.html"
},
{
"name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104032149026670&w=2"
},
{
"name": "MDKSA-2003:001",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001"
},
{
"name": "cups-strncat-options-bo(10910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10910"
},
{
"name": "6438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6438"
}
]
}
}

140
2002/1xxx/CVE-2002-1568.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cvs.openssl.org/chngview?cn=7659",
"refsource" : "CONFIRM",
"url" : "http://cvs.openssl.org/chngview?cn=7659"
},
{
"name" : "20031002 New OpenSSL remote vulnerability (issue date 2003/10/02)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106511018214983"
},
{
"name" : "http://www.ebitech.sk/patrik/SA/SA-20031002.txt",
"refsource" : "MISC",
"url" : "http://www.ebitech.sk/patrik/SA/SA-20031002.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ebitech.sk/patrik/SA/SA-20031002.txt",
"refsource": "MISC",
"url": "http://www.ebitech.sk/patrik/SA/SA-20031002.txt"
},
{
"name": "http://cvs.openssl.org/chngview?cn=7659",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=7659"
},
{
"name": "20031002 New OpenSSL remote vulnerability (issue date 2003/10/02)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106511018214983"
}
]
}
}

140
2002/2xxx/CVE-2002-2000.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SSRT0813",
"refsource" : "COMPAQ",
"url" : "http://ftp.support.compaq.com/patches/.new/html/SSRT0813.shtml"
},
{
"name" : "4184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4184"
},
{
"name" : "openvms-acms-process-privileges(8306)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8306.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT0813",
"refsource": "COMPAQ",
"url": "http://ftp.support.compaq.com/patches/.new/html/SSRT0813.shtml"
},
{
"name": "4184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4184"
},
{
"name": "openvms-acms-process-privileges(8306)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8306.php"
}
]
}
}

140
2002/2xxx/CVE-2002-2058.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com",
"refsource" : "VULN-DEV",
"url" : "http://online.securityfocus.com/archive/82/275246"
},
{
"name" : "4926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4926"
},
{
"name" : "teekais-forum-obtain-information(9286)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9286.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com",
"refsource": "VULN-DEV",
"url": "http://online.securityfocus.com/archive/82/275246"
},
{
"name": "4926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4926"
},
{
"name": "teekais-forum-obtain-information(9286)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9286.php"
}
]
}
}

210
2005/0xxx/CVE-2005-0039.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en",
"refsource" : "MISC",
"url" : "http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en"
},
{
"name" : "20050509 NISCC Vulnerability Advisory IPSEC - 004033",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111566201610350&w=2"
},
{
"name" : "HPSBTU01217",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/407774"
},
{
"name" : "SSRT5957",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/407774"
},
{
"name" : "VU#302220",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/302220"
},
{
"name" : "13562",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13562"
},
{
"name" : "ADV-2005-0507",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0507"
},
{
"name" : "ADV-2005-2806",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2806"
},
{
"name" : "1015320",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015320"
},
{
"name" : "17938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBTU01217",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/407774"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en"
},
{
"name": "20050509 NISCC Vulnerability Advisory IPSEC - 004033",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111566201610350&w=2"
},
{
"name": "SSRT5957",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/407774"
},
{
"name": "ADV-2005-2806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2806"
},
{
"name": "13562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13562"
},
{
"name": "17938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17938"
},
{
"name": "ADV-2005-0507",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0507"
},
{
"name": "1015320",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015320"
},
{
"name": "VU#302220",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/302220"
}
]
}
}

140
2005/0xxx/CVE-2005-0320.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050128 Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holes",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110693950205007&w=2"
},
{
"name" : "12396",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12396"
},
{
"name" : "merak-icewarp-multiple-xss(19147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "merak-icewarp-multiple-xss(19147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19147"
},
{
"name": "20050128 Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holes",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110693950205007&w=2"
},
{
"name": "12396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12396"
}
]
}
}

140
2005/1xxx/CVE-2005-1313.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[sork] 20050422 Passwd 2.2.2 (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002147.html"
},
{
"name" : "http://cvs.horde.org/diff.php/passwd/docs/CHANGES?r1=1.1.1.1.2.28&r2=1.1.1.1.2.33&ty=h",
"refsource" : "CONFIRM",
"url" : "http://cvs.horde.org/diff.php/passwd/docs/CHANGES?r1=1.1.1.1.2.28&r2=1.1.1.1.2.33&ty=h"
},
{
"name" : "15075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15075"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15075"
},
{
"name": "http://cvs.horde.org/diff.php/passwd/docs/CHANGES?r1=1.1.1.1.2.28&r2=1.1.1.1.2.33&ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/passwd/docs/CHANGES?r1=1.1.1.1.2.28&r2=1.1.1.1.2.33&ty=h"
},
{
"name": "[sork] 20050422 Passwd 2.2.2 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002147.html"
}
]
}
}

120
2005/1xxx/CVE-2005-1357.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050425 remote command execution in text.cgi script",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111445867315415&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050425 remote command execution in text.cgi script",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111445867315415&w=2"
}
]
}
}

620
2005/1xxx/CVE-2005-1921.json
View File

@ -1,312 +1,312 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050629 Advisory 02/2005: Remote code execution in Serendipity",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112008638320145&w=2"
},
{
"name" : "http://pear.php.net/package/XML_RPC/download/1.3.1",
"refsource" : "MISC",
"url" : "http://pear.php.net/package/XML_RPC/download/1.3.1"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00087-07012005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00087-07012005"
},
{
"name" : "http://www.hardened-php.net/advisory-022005.php",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory-022005.php"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=338803",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=338803"
},
{
"name" : "DSA-745",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-745"
},
{
"name" : "DSA-747",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-747"
},
{
"name" : "DSA-789",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-789"
},
{
"name" : "DSA-746",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-746"
},
{
"name" : "GLSA-200507-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200507-01.xml"
},
{
"name" : "GLSA-200507-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200507-06.xml"
},
{
"name" : "GLSA-200507-07",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200507-07.xml"
},
{
"name" : "HPSBTU02083",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/419064/100/0/threaded"
},
{
"name" : "SSRT051069",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/419064/100/0/threaded"
},
{
"name" : "MDKSA-2005:109",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:109"
},
{
"name" : "RHSA-2005:564",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-564.html"
},
{
"name" : "SUSE-SA:2005:051",
"refsource" : "SUSE",
"url" : "http://marc.info/?l=bugtraq&m=112605112027335&w=2"
},
{
"name" : "20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112015336720867&w=2"
},
{
"name" : "http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt",
"refsource" : "CONFIRM",
"url" : "http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt"
},
{
"name" : "http://sourceforge.net/project/showfiles.php?group_id=87163",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/showfiles.php?group_id=87163"
},
{
"name" : "http://www.ampache.org/announce/3_3_1_2.php",
"refsource" : "CONFIRM",
"url" : "http://www.ampache.org/announce/3_3_1_2.php"
},
{
"name" : "SUSE-SA:2005:041",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_41_php_pear.html"
},
{
"name" : "SUSE-SA:2005:049",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_49_php.html"
},
{
"name" : "SUSE-SR:2005:018",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"name" : "14088",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14088"
},
{
"name" : "oval:org.mitre.oval:def:11294",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294"
},
{
"name" : "ADV-2005-2827",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2827"
},
{
"name" : "oval:org.mitre.oval:def:350",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350"
},
{
"name" : "1015336",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015336"
},
{
"name" : "15852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15852"
},
{
"name" : "15872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15872"
},
{
"name" : "15944",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15944"
},
{
"name" : "15947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15947"
},
{
"name" : "15957",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15957"
},
{
"name" : "16001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16001"
},
{
"name" : "18003",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18003"
},
{
"name" : "15810",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15810"
},
{
"name" : "15855",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15855"
},
{
"name" : "15861",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15861"
},
{
"name" : "15883",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15883"
},
{
"name" : "15884",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15884"
},
{
"name" : "15895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15895"
},
{
"name" : "15903",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15903"
},
{
"name" : "15904",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15904"
},
{
"name" : "15916",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15916"
},
{
"name" : "15917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15917"
},
{
"name" : "15922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15922"
},
{
"name" : "16339",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16339"
},
{
"name" : "16693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16693"
},
{
"name" : "17440",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17440"
},
{
"name" : "17674",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17674"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:350",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A350"
},
{
"name": "DSA-789",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-789"
},
{
"name": "15947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15947"
},
{
"name": "15852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15852"
},
{
"name": "15944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15944"
},
{
"name": "SUSE-SR:2005:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"name": "15883",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15883"
},
{
"name": "15872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15872"
},
{
"name": "15895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15895"
},
{
"name": "oval:org.mitre.oval:def:11294",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11294"
},
{
"name": "1015336",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015336"
},
{
"name": "DSA-746",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-746"
},
{
"name": "17674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17674"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00087-07012005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00087-07012005"
},
{
"name": "ADV-2005-2827",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2827"
},
{
"name": "15917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15917"
},
{
"name": "DSA-747",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-747"
},
{
"name": "SUSE-SA:2005:041",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_41_php_pear.html"
},
{
"name": "http://www.hardened-php.net/advisory-022005.php",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory-022005.php"
},
{
"name": "SSRT051069",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded"
},
{
"name": "SUSE-SA:2005:051",
"refsource": "SUSE",
"url": "http://marc.info/?l=bugtraq&m=112605112027335&w=2"
},
{
"name": "15957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15957"
},
{
"name": "http://www.ampache.org/announce/3_3_1_2.php",
"refsource": "CONFIRM",
"url": "http://www.ampache.org/announce/3_3_1_2.php"
},
{
"name": "15810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15810"
},
{
"name": "GLSA-200507-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200507-01.xml"
},
{
"name": "http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.drupal.org/security/drupal-sa-2005-003/advisory.txt"
},
{
"name": "14088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14088"
},
{
"name": "16693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16693"
},
{
"name": "20050629 Advisory 02/2005: Remote code execution in Serendipity",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112008638320145&w=2"
},
{
"name": "20050629 [DRUPAL-SA-2005-003] Drupal 4.6.2 / 4.5.4 fixes critical XML-RPC issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112015336720867&w=2"
},
{
"name": "GLSA-200507-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200507-07.xml"
},
{
"name": "15904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15904"
},
{
"name": "15903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15903"
},
{
"name": "SUSE-SA:2005:049",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_49_php.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=338803",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=338803"
},
{
"name": "17440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17440"
},
{
"name": "15922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15922"
},
{
"name": "15884",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15884"
},
{
"name": "15916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15916"
},
{
"name": "RHSA-2005:564",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-564.html"
},
{
"name": "http://pear.php.net/package/XML_RPC/download/1.3.1",
"refsource": "MISC",
"url": "http://pear.php.net/package/XML_RPC/download/1.3.1"
},
{
"name": "16001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16001"
},
{
"name": "http://sourceforge.net/project/showfiles.php?group_id=87163",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/showfiles.php?group_id=87163"
},
{
"name": "MDKSA-2005:109",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:109"
},
{
"name": "GLSA-200507-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200507-06.xml"
},
{
"name": "DSA-745",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-745"
},
{
"name": "HPSBTU02083",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/419064/100/0/threaded"
},
{
"name": "15855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15855"
},
{
"name": "16339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16339"
},
{
"name": "18003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18003"
},
{
"name": "15861",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15861"
}
]
}
}

160
2005/1xxx/CVE-2005-1963.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://echo.or.id/adv/adv15-theday-2005.txt",
"refsource" : "MISC",
"url" : "http://echo.or.id/adv/adv15-theday-2005.txt"
},
{
"name" : "http://forum.cerberusweb.com/showthread.php?threadid=5162&goto=newpost",
"refsource" : "CONFIRM",
"url" : "http://forum.cerberusweb.com/showthread.php?threadid=5162&goto=newpost"
},
{
"name" : "http://www.wgmdev.com/jira/browse/CERB-170",
"refsource" : "CONFIRM",
"url" : "http://www.wgmdev.com/jira/browse/CERB-170"
},
{
"name" : "1014128",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014128"
},
{
"name" : "15641",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15641"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wgmdev.com/jira/browse/CERB-170",
"refsource": "CONFIRM",
"url": "http://www.wgmdev.com/jira/browse/CERB-170"
},
{
"name": "http://forum.cerberusweb.com/showthread.php?threadid=5162&goto=newpost",
"refsource": "CONFIRM",
"url": "http://forum.cerberusweb.com/showthread.php?threadid=5162&goto=newpost"
},
{
"name": "1014128",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014128"
},
{
"name": "http://echo.or.id/adv/adv15-theday-2005.txt",
"refsource": "MISC",
"url": "http://echo.or.id/adv/adv15-theday-2005.txt"
},
{
"name": "15641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15641"
}
]
}
}

130
2009/0xxx/CVE-2009-0829.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33166",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33166"
},
{
"name" : "33420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33420"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33166"
},
{
"name": "33420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33420"
}
]
}
}

34
2009/1xxx/CVE-2009-1113.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1113",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1113",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2009/1xxx/CVE-2009-1470.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1470",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1470",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

230
2009/5xxx/CVE-2009-5030.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an \"invalid free.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-5030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120413 Re: CVE Request: Heap corruption in openjpeg",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/13/5"
},
{
"name" : "http://code.google.com/p/openjpeg/issues/detail?id=5",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/openjpeg/issues/detail?id=5"
},
{
"name" : "http://code.google.com/p/openjpeg/source/detail?r=1703",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/openjpeg/source/detail?r=1703"
},
{
"name" : "https://groups.google.com/forum/#!topic/openjpeg/DLVrRKbTeI0/discussion",
"refsource" : "CONFIRM",
"url" : "https://groups.google.com/forum/#!topic/openjpeg/DLVrRKbTeI0/discussion"
},
{
"name" : "FEDORA-2012-9602",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html"
},
{
"name" : "FEDORA-2012-9628",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082923.html"
},
{
"name" : "MDVSA-2012:104",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:104"
},
{
"name" : "RHSA-2012:1068",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1068.html"
},
{
"name" : "53012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53012"
},
{
"name" : "48781",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48781"
},
{
"name" : "49913",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49913"
},
{
"name" : "openjpeg-tcdfreeencode-code-execution(74851)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74851"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image, which causes insufficient memory to be allocated and leads to an \"invalid free.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48781",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48781"
},
{
"name": "RHSA-2012:1068",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1068.html"
},
{
"name": "https://groups.google.com/forum/#!topic/openjpeg/DLVrRKbTeI0/discussion",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/openjpeg/DLVrRKbTeI0/discussion"
},
{
"name": "http://code.google.com/p/openjpeg/source/detail?r=1703",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/openjpeg/source/detail?r=1703"
},
{
"name": "FEDORA-2012-9602",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/083105.html"
},
{
"name": "49913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49913"
},
{
"name": "openjpeg-tcdfreeencode-code-execution(74851)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74851"
},
{
"name": "MDVSA-2012:104",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:104"
},
{
"name": "[oss-security] 20120413 Re: CVE Request: Heap corruption in openjpeg",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/13/5"
},
{
"name": "53012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53012"
},
{
"name": "FEDORA-2012-9628",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082923.html"
},
{
"name": "http://code.google.com/p/openjpeg/issues/detail?id=5",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/openjpeg/issues/detail?id=5"
}
]
}
}

150
2009/5xxx/CVE-2009-5091.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8050",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8050"
},
{
"name" : "33766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33766"
},
{
"name" : "33931",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33931"
},
{
"name" : "vlinks-page-sql-injection(48729)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vlinks-page-sql-injection(48729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48729"
},
{
"name": "8050",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8050"
},
{
"name": "33766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33766"
},
{
"name": "33931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33931"
}
]
}
}

190
2012/2xxx/CVE-2012-2066.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name" : "http://drupal.org/node/1482528",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1482528"
},
{
"name" : "http://drupal.org/node/1482442",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1482442"
},
{
"name" : "http://drupal.org/node/1482466",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1482466"
},
{
"name" : "http://drupal.org/node/1482480",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1482480"
},
{
"name" : "80079",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80079"
},
{
"name" : "48435",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48435"
},
{
"name" : "ckeditor-drupal-unspec-xss(74036)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74036"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1482442",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1482442"
},
{
"name": "http://drupal.org/node/1482480",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1482480"
},
{
"name": "80079",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80079"
},
{
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "http://drupal.org/node/1482466",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1482466"
},
{
"name": "ckeditor-drupal-unspec-xss(74036)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74036"
},
{
"name": "48435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48435"
},
{
"name": "http://drupal.org/node/1482528",
"refsource": "MISC",
"url": "http://drupal.org/node/1482528"
}
]
}
}

150
2012/2xxx/CVE-2012-2718.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to \"recording visits.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/1608854",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1608854"
},
{
"name" : "53736",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53736"
},
{
"name" : "82527",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82527"
},
{
"name" : "drupal-counter-unspecified-sql-injection(76004)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to \"recording visits.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "drupal-counter-unspecified-sql-injection(76004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76004"
},
{
"name": "82527",
"refsource": "OSVDB",
"url": "http://osvdb.org/82527"
},
{
"name": "http://drupal.org/node/1608854",
"refsource": "MISC",
"url": "http://drupal.org/node/1608854"
},
{
"name": "53736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53736"
}
]
}
}

190
2012/2xxx/CVE-2012-2817.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=120222",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=120222"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
},
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5502",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5502"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name" : "openSUSE-SU-2012:0813",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/15075728"
},
{
"name" : "oval:org.mitre.oval:def:15264",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15264"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name": "openSUSE-SU-2012:0813",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15075728"
},
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "http://support.apple.com/kb/HT5502",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5502"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
},
{
"name": "oval:org.mitre.oval:def:15264",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15264"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=120222",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=120222"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
}
]
}
}

140
2012/2xxx/CVE-2012-2995.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#471364",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/471364"
},
{
"name" : "1027544",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027544"
},
{
"name" : "50620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50620"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027544"
},
{
"name": "VU#471364",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/471364"
},
{
"name": "50620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50620"
}
]
}
}

130
2012/3xxx/CVE-2012-3276.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-3276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBOV02834",
"refsource" : "HP",
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03599086"
},
{
"name" : "SSRT101055",
"refsource" : "HP",
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03599086"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101055",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03599086"
},
{
"name": "HPSBOV02834",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03599086"
}
]
}
}

150
2012/3xxx/CVE-2012-3312.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-3312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://en.securitylab.ru/lab/",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/"
},
{
"name" : "http://en.securitylab.ru/lab/PT-2012-15",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/PT-2012-15"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21609224",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21609224"
},
{
"name" : "infosphere-gaurdium-savepassword-info-disc(77785)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77785"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2012-15",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2012-15"
},
{
"name": "infosphere-gaurdium-savepassword-info-disc(77785)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77785"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21609224",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21609224"
},
{
"name": "http://en.securitylab.ru/lab/",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/"
}
]
}
}

140
2012/3xxx/CVE-2012-3327.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3327",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-3327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
},
{
"name" : "IV22698",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
},
{
"name" : "mam-login-xss(78039)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to a login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21625624"
},
{
"name": "mam-login-xss(78039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78039"
},
{
"name": "IV22698",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV22698"
}
]
}
}

34
2012/3xxx/CVE-2012-3462.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3462",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3462",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2012/4xxx/CVE-2012-4049.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=43576&r2=43575&pathrev=43576",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=43576&r2=43575&pathrev=43576"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43576",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43576"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-12.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7436",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7436"
},
{
"name" : "GLSA-201308-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name" : "openSUSE-SU-2012:0930",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00000.html"
},
{
"name" : "oval:org.mitre.oval:def:15707",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15707"
},
{
"name" : "49971",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49971"
},
{
"name" : "54425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43576",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43576"
},
{
"name": "oval:org.mitre.oval:def:15707",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15707"
},
{
"name": "49971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49971"
},
{
"name": "54425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54425"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2012-12.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2012-12.html"
},
{
"name": "GLSA-201308-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7436",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7436"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=43576&r2=43575&pathrev=43576",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=43576&r2=43575&pathrev=43576"
},
{
"name": "openSUSE-SU-2012:0930",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00000.html"
}
]
}
}

170
2012/4xxx/CVE-2012-4231.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121017 Multiple vulnerabilities in jCore",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0097.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23107",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23107"
},
{
"name" : "http://jcore.net/news/jcore-ver-10pre2-available-for-testing",
"refsource" : "CONFIRM",
"url" : "http://jcore.net/news/jcore-ver-10pre2-available-for-testing"
},
{
"name" : "56102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56102"
},
{
"name" : "86495",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86495"
},
{
"name" : "jcore-index-xss(79441)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jcore.net/news/jcore-ver-10pre2-available-for-testing",
"refsource": "CONFIRM",
"url": "http://jcore.net/news/jcore-ver-10pre2-available-for-testing"
},
{
"name": "https://www.htbridge.com/advisory/HTB23107",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23107"
},
{
"name": "jcore-index-xss(79441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79441"
},
{
"name": "56102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56102"
},
{
"name": "86495",
"refsource": "OSVDB",
"url": "http://osvdb.org/86495"
},
{
"name": "20121017 Multiple vulnerabilities in jCore",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0097.html"
}
]
}
}

150
2012/4xxx/CVE-2012-4357.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.org/adv/winlog_2-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf"
},
{
"name" : "http://www.sielcosistemi.com/en/news/index.html?id=69",
"refsource" : "CONFIRM",
"url" : "http://www.sielcosistemi.com/en/news/index.html?id=69"
},
{
"name" : "49395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49395"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.org/adv/winlog_2-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf"
},
{
"name": "49395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49395"
},
{
"name": "http://www.sielcosistemi.com/en/news/index.html?id=69",
"refsource": "CONFIRM",
"url": "http://www.sielcosistemi.com/en/news/index.html?id=69"
}
]
}
}

34
2012/4xxx/CVE-2012-4962.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4962",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4962",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

220
2012/4xxx/CVE-2012-4969.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/",
"refsource" : "MISC",
"url" : "http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/"
},
{
"name" : "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb",
"refsource" : "MISC",
"url" : "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb"
},
{
"name" : "http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/",
"refsource" : "MISC",
"url" : "http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/"
},
{
"name" : "http://www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wild",
"refsource" : "MISC",
"url" : "http://www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wild"
},
{
"name" : "http://technet.microsoft.com/security/advisory/2757760",
"refsource" : "CONFIRM",
"url" : "http://technet.microsoft.com/security/advisory/2757760"
},
{
"name" : "TA12-262A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-262A.html"
},
{
"name" : "TA12-265A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-265A.html"
},
{
"name" : "TA12-255A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-255A.html"
},
{
"name" : "VU#480095",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/480095"
},
{
"name" : "oval:org.mitre.oval:def:15729",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15729"
},
{
"name" : "1027538",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027538"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-265A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-265A.html"
},
{
"name": "VU#480095",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/480095"
},
{
"name": "oval:org.mitre.oval:def:15729",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15729"
},
{
"name": "TA12-262A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-262A.html"
},
{
"name": "http://www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wild",
"refsource": "MISC",
"url": "http://www.securityweek.com/new-internet-explorer-zero-day-being-exploited-wild"
},
{
"name": "http://technet.microsoft.com/security/advisory/2757760",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2757760"
},
{
"name": "TA12-255A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html"
},
{
"name": "http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/",
"refsource": "MISC",
"url": "http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day_en/"
},
{
"name": "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb",
"refsource": "MISC",
"url": "http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb"
},
{
"name": "1027538",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027538"
},
{
"name": "http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/",
"refsource": "MISC",
"url": "http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/"
}
]
}
}

34
2012/6xxx/CVE-2012-6171.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6171",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6171",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

170
2012/6xxx/CVE-2012-6303.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19772",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/19772"
},
{
"name" : "[oss-secuirty] 20131210 CVE-2012-6303 WaveSurfer and Snack Sound Toolkit buffer overflows",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/10/2"
},
{
"name" : "GLSA-201309-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201309-04.xml"
},
{
"name" : "MDVSA-2013:126",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:126"
},
{
"name" : "openSUSE-SU-2015:0382",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00034.html"
},
{
"name" : "49889",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49889"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49889"
},
{
"name": "19772",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19772"
},
{
"name": "GLSA-201309-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-04.xml"
},
{
"name": "[oss-secuirty] 20131210 CVE-2012-6303 WaveSurfer and Snack Sound Toolkit buffer overflows",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/10/2"
},
{
"name": "openSUSE-SU-2015:0382",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00034.html"
},
{
"name": "MDVSA-2013:126",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:126"
}
]
}
}

120
2012/6xxx/CVE-2012-6439.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-6439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf"
}
]
}
}

190
2012/6xxx/CVE-2012-6519.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120426 DIY CMS v1.0 Poll - Multiple Web Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0213.html"
},
{
"name" : "18804",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18804"
},
{
"name" : "http://packetstormsecurity.org/files/112224/DIY-CMS-1.0-Poll-XSS-CSRF-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112224/DIY-CMS-1.0-Poll-XSS-CSRF-SQL-Injection.html"
},
{
"name" : "http://www.vulnerability-lab.com/get_content.php?id=518",
"refsource" : "MISC",
"url" : "http://www.vulnerability-lab.com/get_content.php?id=518"
},
{
"name" : "53266",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53266"
},
{
"name" : "81560",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/81560"
},
{
"name" : "49011",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49011"
},
{
"name" : "diycms-index-sql-injection(75228)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18804",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18804"
},
{
"name": "20120426 DIY CMS v1.0 Poll - Multiple Web Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0213.html"
},
{
"name": "53266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53266"
},
{
"name": "49011",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49011"
},
{
"name": "diycms-index-sql-injection(75228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75228"
},
{
"name": "81560",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81560"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=518",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=518"
},
{
"name": "http://packetstormsecurity.org/files/112224/DIY-CMS-1.0-Poll-XSS-CSRF-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112224/DIY-CMS-1.0-Poll-XSS-CSRF-SQL-Injection.html"
}
]
}
}

130
2017/2xxx/CVE-2017-2141.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WN-G300R3",
"version" : {
"version_data" : [
{
"version_value" : "firmware Ver.1.03 and earlier"
}
]
}
}
]
},
"vendor_name" : "I-O DATA DEVICE, INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN-G300R3",
"version": {
"version_data": [
{
"version_value": "firmware Ver.1.03 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.iodata.jp/support/information/2017/wn-g300r3/",
"refsource" : "MISC",
"url" : "http://www.iodata.jp/support/information/2017/wn-g300r3/"
},
{
"name" : "JVN#81024552",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN81024552/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#81024552",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-g300r3/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
]
}
}

234
2017/2xxx/CVE-2017-2619.json
View File

@ -1,119 +1,119 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-03-27T00:00:00",
"ID" : "CVE-2017-2619",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "samba",
"version" : {
"version_data" : [
{
"version_value" : "4.6.1"
},
{
"version_value" : "4.5.7"
},
{
"version_value" : "4.4.11"
}
]
}
}
]
},
"vendor_name" : "Samba"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-362"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-03-27T00:00:00",
"ID": "CVE-2017-2619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "4.6.1"
},
{
"version_value": "4.5.7"
},
{
"version_value": "4.4.11"
}
]
}
}
]
},
"vendor_name": "Samba"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41740",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41740/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1429472",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1429472"
},
{
"name" : "https://www.samba.org/samba/security/CVE-2017-2619.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/security/CVE-2017-2619.html"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"
},
{
"name" : "DSA-3816",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3816"
},
{
"name" : "RHSA-2017:1265",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1265"
},
{
"name" : "RHSA-2017:2338",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2338"
},
{
"name" : "RHSA-2017:2778",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2778"
},
{
"name" : "RHSA-2017:2789",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2789"
},
{
"name" : "97033",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97033"
},
{
"name" : "1038117",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038117"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2778",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2778"
},
{
"name": "DSA-3816",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3816"
},
{
"name": "97033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97033"
},
{
"name": "41740",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41740/"
},
{
"name": "1038117",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038117"
},
{
"name": "RHSA-2017:2338",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2338"
},
{
"name": "https://www.samba.org/samba/security/CVE-2017-2619.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2017-2619.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1429472"
},
{
"name": "RHSA-2017:1265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1265"
},
{
"name": "RHSA-2017:2789",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2789"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us"
}
]
}
}

160
2017/2xxx/CVE-2017-2651.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-2651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "jenkins-mailer-plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.20"
}
]
}
}
]
},
"vendor_name" : "Jenkins"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jenkins-mailer-plugin",
"version": {
"version_data": [
{
"version_value": "1.20"
}
]
}
}
]
},
"vendor_name": "Jenkins"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2651",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2651"
},
{
"name" : "https://jenkins.io/security/advisory/2017-03-20/",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2017-03-20/"
},
{
"name" : "96984",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96984"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jenkins-mailer-plugin before version 1.20 is vulnerable to an information disclosure while using the feature to send emails to a dynamically created list of users based on the changelogs. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96984"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2651",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2651"
},
{
"name": "https://jenkins.io/security/advisory/2017-03-20/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-03-20/"
}
]
}
}

132
2017/2xxx/CVE-2017-2694.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-2694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HwVmall",
"version" : {
"version_data" : [
{
"version_value" : "Earlier than HwVmall 1.5.2.0 versions"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Permission Control"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HwVmall",
"version": {
"version_data": [
{
"version_value": "Earlier than HwVmall 1.5.2.0 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en"
},
{
"name" : "95915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95915"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AlarmService component in HwVmall with software earlier than 1.5.2.0 versions has no control over calling permissions, allowing any third party to call. An attacker can construct a malicious application to call it. Consequently, alert music will be played suddenly, compromising user experience."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Permission Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95915"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-vmall-en"
}
]
}
}

34
2017/6xxx/CVE-2017-6216.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6216",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6216",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/6xxx/CVE-2017-6700.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Prime Infrastructure and Evolved Programmable Network Manager",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Prime Infrastructure and Evolved Programmable Network Manager"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DOM Cross-Site Scripting Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Prime Infrastructure and Evolved Programmable Network Manager",
"version": {
"version_data": [
{
"version_value": "Cisco Prime Infrastructure and Evolved Programmable Network Manager"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm4",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm4"
},
{
"name" : "99216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99216"
},
{
"name" : "1038751",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038751"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) based (environment or client-side) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc24620 CSCvc49586. Known Affected Releases: 3.1(1) 2.0(4.0.45B)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOM Cross-Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038751",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038751"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm4",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-piepnm4"
},
{
"name": "99216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99216"
}
]
}
}

180
2017/6xxx/CVE-2017-6815.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6815",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://codex.wordpress.org/Version_4.7.3",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.7.3"
},
{
"name" : "https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e",
"refsource" : "MISC",
"url" : "https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e"
},
{
"name" : "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8766",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8766"
},
{
"name" : "DSA-3815",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3815"
},
{
"name" : "96600",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96600"
},
{
"name" : "1037959",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In WordPress before 4.7.3 (wp-includes/pluggable.php), control characters can trick redirect URL validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96600"
},
{
"name": "1037959",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037959"
},
{
"name": "DSA-3815",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3815"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8766",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8766"
},
{
"name": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/",
"refsource": "MISC",
"url": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/"
},
{
"name": "https://codex.wordpress.org/Version_4.7.3",
"refsource": "MISC",
"url": "https://codex.wordpress.org/Version_4.7.3"
},
{
"name": "https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e",
"refsource": "MISC",
"url": "https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e"
}
]
}
}

130
2018/11xxx/CVE-2018-11226.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/document/d/1NtI3PiiL55SMj-kmdwJhMViIALGHPnLZYRxOgNCfhYA/edit",
"refsource" : "MISC",
"url" : "https://docs.google.com/document/d/1NtI3PiiL55SMj-kmdwJhMViIALGHPnLZYRxOgNCfhYA/edit"
},
{
"name" : "https://github.com/libming/libming/issues/144",
"refsource" : "MISC",
"url" : "https://github.com/libming/libming/issues/144"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libming/libming/issues/144",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/144"
},
{
"name": "https://docs.google.com/document/d/1NtI3PiiL55SMj-kmdwJhMViIALGHPnLZYRxOgNCfhYA/edit",
"refsource": "MISC",
"url": "https://docs.google.com/document/d/1NtI3PiiL55SMj-kmdwJhMViIALGHPnLZYRxOgNCfhYA/edit"
}
]
}
}

140
2018/11xxx/CVE-2018-11488.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/bitsadmin/exploits/tree/master/CVE-2018-11488",
"refsource" : "MISC",
"url" : "https://github.com/bitsadmin/exploits/tree/master/CVE-2018-11488"
},
{
"name" : "https://www.dtsearch.com/ReleaseNotes.html",
"refsource" : "MISC",
"url" : "https://www.dtsearch.com/ReleaseNotes.html"
},
{
"name" : "https://www.dtsearch.com/ReleaseNotesBeta.html",
"refsource" : "MISC",
"url" : "https://www.dtsearch.com/ReleaseNotesBeta.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dtsearch.com/ReleaseNotesBeta.html",
"refsource": "MISC",
"url": "https://www.dtsearch.com/ReleaseNotesBeta.html"
},
{
"name": "https://github.com/bitsadmin/exploits/tree/master/CVE-2018-11488",
"refsource": "MISC",
"url": "https://github.com/bitsadmin/exploits/tree/master/CVE-2018-11488"
},
{
"name": "https://www.dtsearch.com/ReleaseNotes.html",
"refsource": "MISC",
"url": "https://www.dtsearch.com/ReleaseNotes.html"
}
]
}
}

120
2018/11xxx/CVE-2018-11493.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wuzhicms/wuzhicms/issues/137",
"refsource" : "MISC",
"url" : "https://github.com/wuzhicms/wuzhicms/issues/137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wuzhicms/wuzhicms/issues/137",
"refsource": "MISC",
"url": "https://github.com/wuzhicms/wuzhicms/issues/137"
}
]
}
}

34
2018/11xxx/CVE-2018-11747.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11747",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11747",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/11xxx/CVE-2018-11901.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11901",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11901",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14253.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6016."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-713",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-713"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getIcon method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6016."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-713",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-713"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

34
2018/14xxx/CVE-2018-14895.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14895",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14895",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/15xxx/CVE-2018-15140.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the \"docid\" parameter when the mode is set to get."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45202",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45202/"
},
{
"name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource" : "MISC",
"url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name" : "https://github.com/openemr/openemr/pull/1765/files",
"refsource" : "CONFIRM",
"url" : "https://github.com/openemr/openemr/pull/1765/files"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the \"docid\" parameter when the mode is set to get."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource": "MISC",
"url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name": "45202",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45202/"
},
{
"name": "https://github.com/openemr/openemr/pull/1765/files",
"refsource": "CONFIRM",
"url": "https://github.com/openemr/openemr/pull/1765/files"
}
]
}
}

34
2018/15xxx/CVE-2018-15214.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15214",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15214",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/15xxx/CVE-2018-15359.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerability@kaspersky.com",
"ID" : "CVE-2018-15359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Eltex ESP-200",
"version" : {
"version_data" : [
{
"version_value" : "1.2.0"
}
]
}
}
]
},
"vendor_name" : "Kaspersky Lab"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface"
}
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/",
"refsource" : "MISC",
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
]
}
}

34
2018/15xxx/CVE-2018-15575.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15575",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15575",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/15xxx/CVE-2018-15852.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bkd00r.wordpress.com/2018/08/24/cve-2018-15852-exploit-title-cable-modem-technicolor-tc7200-20-wifi-buffer-overflow/",
"refsource" : "MISC",
"url" : "https://bkd00r.wordpress.com/2018/08/24/cve-2018-15852-exploit-title-cable-modem-technicolor-tc7200-20-wifi-buffer-overflow/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bkd00r.wordpress.com/2018/08/24/cve-2018-15852-exploit-title-cable-modem-technicolor-tc7200-20-wifi-buffer-overflow/",
"refsource": "MISC",
"url": "https://bkd00r.wordpress.com/2018/08/24/cve-2018-15852-exploit-title-cable-modem-technicolor-tc7200-20-wifi-buffer-overflow/"
}
]
}
}

150
2018/20xxx/CVE-2018-20019.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerability@kaspersky.com",
"ID" : "CVE-2018-20019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LibVNC",
"version" : {
"version_data" : [
{
"version_value" : "commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Multiple Heap Out-of-Bound"
}
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-20019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibVNC",
"version": {
"version_data": [
{
"version_value": "commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181227 [SECURITY] [DLA 1617-1] libvncserver security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html"
},
{
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/"
},
{
"name" : "DSA-4383",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4383"
},
{
"name" : "USN-3877-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3877-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Multiple Heap Out-of-Bound"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4383",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4383"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1617-1] libvncserver security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00017.html"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/"
},
{
"name": "USN-3877-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3877-1/"
}
]
}
}

130
2018/20xxx/CVE-2018-20587.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587",
"refsource" : "MISC",
"url" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"name" : "https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b",
"refsource" : "MISC",
"url" : "https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests to the IPv6 localhost port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587",
"refsource": "MISC",
"url": "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20587"
},
{
"name": "https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b",
"refsource": "MISC",
"url": "https://medium.com/@lukedashjr/cve-2018-20587-advisory-and-full-disclosure-a3105551e78b"
}
]
}
}

34
2018/20xxx/CVE-2018-20667.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20667",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20667",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/9xxx/CVE-2018-9052.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf100283c",
"refsource" : "MISC",
"url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf100283c"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100283c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf100283c",
"refsource": "MISC",
"url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf100283c"
}
]
}
}