admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:52:04 +00:00
parent 24a816e842
commit 4969529d2e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3937 additions and 3937 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2002/0xxx/CVE-2002-0561.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0561",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020206 Hackproofing Oracle Application Server paper",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101301813117562&w=2"
},
{
"name" : "VU#611776",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/611776"
},
{
"name" : "CA-2002-08",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource" : "CONFIRM",
"url" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name" : "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource" : "MISC",
"url" : "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name" : "4292",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4292"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101301813117562&w=2"
},
{
"name": "4292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4292"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#611776",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
}
]
}
}

150
2002/0xxx/CVE-2002-0861.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the \"Allow paste operations via script\" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS02-044",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044"
},
{
"name" : "20020408 Controlling the clipboard with OWC in IE (GM#007-IE)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101829726516346&w=2"
},
{
"name" : "owc-spreadsheet-clipboard-access(8779)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8779.php"
},
{
"name" : "4457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4457"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the \"Allow paste operations via script\" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "owc-spreadsheet-clipboard-access(8779)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8779.php"
},
{
"name": "20020408 Controlling the clipboard with OWC in IE (GM#007-IE)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101829726516346&w=2"
},
{
"name": "4457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4457"
},
{
"name": "MS02-044",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044"
}
]
}
}

140
2002/1xxx/CVE-2002-1498.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1498",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with \"/\" or \"\\\" characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020828 SWServer 2.2 directory traversal bug",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0307.html"
},
{
"name" : "5590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5590"
},
{
"name" : "swserver-encoded-directory-traversal(9981)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9981.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with \"/\" or \"\\\" characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "swserver-encoded-directory-traversal(9981)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9981.php"
},
{
"name": "5590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5590"
},
{
"name": "20020828 SWServer 2.2 directory traversal bug",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0307.html"
}
]
}
}

140
2002/1xxx/CVE-2002-1913.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021016 phptonuke allows Remote File Retrieving",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html"
},
{
"name" : "5982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5982"
},
{
"name" : "myphpnuke-phptonuke-view-files(10396)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10396.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "myphpnuke-phptonuke-view-files(10396)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10396.php"
},
{
"name": "5982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5982"
},
{
"name": "20021016 phptonuke allows Remote File Retrieving",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html"
}
]
}
}

160
2002/1xxx/CVE-2002-1958.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in \"safe\" HTML tags such as the \"b\" tag, or (2) the Subject field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021021 kmMail XSS",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2002-October/002207.html"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=191501",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=191501"
},
{
"name" : "5173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5173"
},
{
"name" : "6013",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6013"
},
{
"name" : "kmmail-safe-tag-xss(9507)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9507.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in \"safe\" HTML tags such as the \"b\" tag, or (2) the Subject field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=191501",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=191501"
},
{
"name": "kmmail-safe-tag-xss(9507)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9507.php"
},
{
"name": "20021021 kmMail XSS",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-October/002207.html"
},
{
"name": "5173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5173"
},
{
"name": "6013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6013"
}
]
}
}

210
2002/2xxx/CVE-2002-2007.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2007",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020529 Vulnerability in Apache Tomcat v3.23 & v3.24",
"refsource" : "BUGTRAQ",
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00272.html"
},
{
"name" : "20020529 Vulnerability in Apache Tomcat v3.23 & v3.24 (part 2)",
"refsource" : "BUGTRAQ",
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00275.html"
},
{
"name" : "http://www.procheckup.com/security_info/vuln_pr0205.html",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/security_info/vuln_pr0205.html"
},
{
"name" : "http://www.procheckup.com/security_info/vuln_pr0206.html",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/security_info/vuln_pr0206.html"
},
{
"name" : "http://www.procheckup.com/security_info/vuln_pr0207.html",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/security_info/vuln_pr0207.html"
},
{
"name" : "VU#116963",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/116963"
},
{
"name" : "4876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4876"
},
{
"name" : "4877",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4877"
},
{
"name" : "4878",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4878"
},
{
"name" : "tomcat-sample-reveal-path(9208)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9208.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#116963",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/116963"
},
{
"name": "4876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4876"
},
{
"name": "http://www.procheckup.com/security_info/vuln_pr0206.html",
"refsource": "MISC",
"url": "http://www.procheckup.com/security_info/vuln_pr0206.html"
},
{
"name": "http://www.procheckup.com/security_info/vuln_pr0205.html",
"refsource": "MISC",
"url": "http://www.procheckup.com/security_info/vuln_pr0205.html"
},
{
"name": "tomcat-sample-reveal-path(9208)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9208.php"
},
{
"name": "20020529 Vulnerability in Apache Tomcat v3.23 & v3.24 (part 2)",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00275.html"
},
{
"name": "20020529 Vulnerability in Apache Tomcat v3.23 & v3.24",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/05/msg00272.html"
},
{
"name": "http://www.procheckup.com/security_info/vuln_pr0207.html",
"refsource": "MISC",
"url": "http://www.procheckup.com/security_info/vuln_pr0207.html"
},
{
"name": "4877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4877"
},
{
"name": "4878",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4878"
}
]
}
}

140
2005/0xxx/CVE-2005-0059.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS05-017",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-017"
},
{
"name" : "oval:org.mitre.oval:def:4384",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4384"
},
{
"name" : "oval:org.mitre.oval:def:4988",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4988"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:4988",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4988"
},
{
"name": "oval:org.mitre.oval:def:4384",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4384"
},
{
"name": "MS05-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-017"
}
]
}
}

140
2005/0xxx/CVE-2005-0137.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a \"missing Itanium syscall table entry.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2005:284",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-284.html"
},
{
"name" : "RHSA-2005:293",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-293.html"
},
{
"name" : "oval:org.mitre.oval:def:11039",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a \"missing Itanium syscall table entry.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11039",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11039"
},
{
"name": "RHSA-2005:293",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-293.html"
},
{
"name": "RHSA-2005:284",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-284.html"
}
]
}
}

150
2005/0xxx/CVE-2005-0507.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. sequences in an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050222 SD Server 4.0.70 Directory Traversal Bug",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110910535122762&w=2"
},
{
"name" : "20050221 SD Server 4.0.70 Directory Traversal Bug",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=110901639709476&w=2"
},
{
"name" : "http://www.gdsoftware.dk/",
"refsource" : "CONFIRM",
"url" : "http://www.gdsoftware.dk/"
},
{
"name" : "14365",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. sequences in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gdsoftware.dk/",
"refsource": "CONFIRM",
"url": "http://www.gdsoftware.dk/"
},
{
"name": "20050221 SD Server 4.0.70 Directory Traversal Bug",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=110901639709476&w=2"
},
{
"name": "20050222 SD Server 4.0.70 Directory Traversal Bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110910535122762&w=2"
},
{
"name": "14365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14365"
}
]
}
}

150
2005/1xxx/CVE-2005-1027.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050404 [SECURITYREASON.COM] Full path disclosure and XSS in PHPNuke part 3",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111272010303144&w=2"
},
{
"name" : "20030511 PHPNuke \"Your Account\" XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/321324"
},
{
"name" : "7570",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7570"
},
{
"name" : "phpnuke-modules-xss(11994)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11994"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7570"
},
{
"name": "20030511 PHPNuke \"Your Account\" XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/321324"
},
{
"name": "20050404 [SECURITYREASON.COM] Full path disclosure and XSS in PHPNuke part 3",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111272010303144&w=2"
},
{
"name": "phpnuke-modules-xss(11994)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11994"
}
]
}
}

140
2005/1xxx/CVE-2005-1047.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050408 phpBB Upload Script \"up.php\" Arbitrary File Upload",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111299353030534&w=2"
},
{
"name" : "http://www.defacers.com.mx/advisories/2.txt",
"refsource" : "MISC",
"url" : "http://www.defacers.com.mx/advisories/2.txt"
},
{
"name" : "1013671",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013671",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013671"
},
{
"name": "http://www.defacers.com.mx/advisories/2.txt",
"refsource": "MISC",
"url": "http://www.defacers.com.mx/advisories/2.txt"
},
{
"name": "20050408 phpBB Upload Script \"up.php\" Arbitrary File Upload",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111299353030534&w=2"
}
]
}
}

160
2005/1xxx/CVE-2005-1667.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "983",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/983"
},
{
"name" : "http://www.securiteam.com/windowsntfocus/5FP052AFPA.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/5FP052AFPA.html"
},
{
"name" : "13558",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13558"
},
{
"name" : "16168",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16168"
},
{
"name" : "15291",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15291"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15291"
},
{
"name": "16168",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16168"
},
{
"name": "983",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/983"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5FP052AFPA.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5FP052AFPA.html"
},
{
"name": "13558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13558"
}
]
}
}

170
2005/1xxx/CVE-2005-1703.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050523 Format string and crash in Warrior Kings 1.3 and Battles 1.23",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111686776303832&w=2"
},
{
"name" : "http://aluigi.altervista.org/adv/warkings-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/warkings-adv.txt"
},
{
"name" : "13712",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13712"
},
{
"name" : "1014040",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014040"
},
{
"name" : "1014041",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014041"
},
{
"name" : "15482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014040",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014040"
},
{
"name": "http://aluigi.altervista.org/adv/warkings-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/warkings-adv.txt"
},
{
"name": "13712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13712"
},
{
"name": "1014041",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014041"
},
{
"name": "20050523 Format string and crash in Warrior Kings 1.3 and Battles 1.23",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111686776303832&w=2"
},
{
"name": "15482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15482"
}
]
}
}

140
2009/0xxx/CVE-2009-0253.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a \"Status Bar Obfuscation\" and \"Clickjacking\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7842",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7842"
},
{
"name" : "4936",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4936"
},
{
"name" : "firefox-onclickaction-click-hijacking(48212)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a \"Status Bar Obfuscation\" and \"Clickjacking\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7842",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7842"
},
{
"name": "firefox-onclickaction-click-hijacking(48212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48212"
},
{
"name": "4936",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4936"
}
]
}
}

180
2009/0xxx/CVE-2009-0522.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the \"mouse pointer display,\" related to a \"Clickjacking attack.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://isc.sans.org/diary.html?storyid=5929",
"refsource" : "MISC",
"url" : "http://isc.sans.org/diary.html?storyid=5929"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
},
{
"name" : "oval:org.mitre.oval:def:6674",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674"
},
{
"name" : "1021752",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021752"
},
{
"name" : "34012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34012"
},
{
"name" : "ADV-2009-0513",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0513"
},
{
"name" : "flash-unspecified-click-hijacking(48903)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48903"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the \"mouse pointer display,\" related to a \"Clickjacking attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://isc.sans.org/diary.html?storyid=5929",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?storyid=5929"
},
{
"name": "1021752",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021752"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
},
{
"name": "ADV-2009-0513",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0513"
},
{
"name": "oval:org.mitre.oval:def:6674",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674"
},
{
"name": "34012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34012"
},
{
"name": "flash-unspecified-click-hijacking(48903)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48903"
}
]
}
}

240
2009/0xxx/CVE-2009-0542.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0542",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a \"%\" (percent) character in the username, which introduces a \"'\" (single quote) character during variable substitution by mod_sql."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500823/100/0/threaded"
},
{
"name" : "20090210 ProFTPd with mod_mysql Authentication Bypass Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500851/100/0/threaded"
},
{
"name" : "20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500833/100/0/threaded"
},
{
"name" : "20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500852/100/0/threaded"
},
{
"name" : "8037",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8037"
},
{
"name" : "[oss-security] 20090211 CVE request for proftpd",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/02/11/1"
},
{
"name" : "[oss-security] 20090211 Re: CVE request for proftpd",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/02/11/5"
},
{
"name" : "[oss-security] 20090211 Re: CVE request for proftpd",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/02/11/3"
},
{
"name" : "http://bugs.proftpd.org/show_bug.cgi?id=3180",
"refsource" : "CONFIRM",
"url" : "http://bugs.proftpd.org/show_bug.cgi?id=3180"
},
{
"name" : "DSA-1730",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1730"
},
{
"name" : "GLSA-200903-27",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200903-27.xml"
},
{
"name" : "MDVSA-2009:061",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"name" : "34268",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34268"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a \"%\" (percent) character in the username, which introduces a \"'\" (single quote) character during variable substitution by mod_sql."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1730",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1730"
},
{
"name": "20090210 Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500833/100/0/threaded"
},
{
"name": "[oss-security] 20090211 Re: CVE request for proftpd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/5"
},
{
"name": "http://bugs.proftpd.org/show_bug.cgi?id=3180",
"refsource": "CONFIRM",
"url": "http://bugs.proftpd.org/show_bug.cgi?id=3180"
},
{
"name": "[oss-security] 20090211 Re: CVE request for proftpd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/3"
},
{
"name": "34268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34268"
},
{
"name": "MDVSA-2009:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:061"
},
{
"name": "20090211 Re: Re: Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500852/100/0/threaded"
},
{
"name": "20090210 ProFTPd with mod_mysql Authentication Bypass Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500851/100/0/threaded"
},
{
"name": "[oss-security] 20090211 CVE request for proftpd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/11/1"
},
{
"name": "GLSA-200903-27",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-27.xml"
},
{
"name": "8037",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8037"
},
{
"name": "20090210 Another SQL injection in ProFTPd with mod_mysql (probably postgres as well)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500823/100/0/threaded"
}
]
}
}

140
2009/0xxx/CVE-2009-0832.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090107 PHP-Fusion Mod E-Cart Sql Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499835/100/0/threaded"
},
{
"name" : "7698",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7698"
},
{
"name" : "33155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7698",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7698"
},
{
"name": "33155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33155"
},
{
"name": "20090107 PHP-Fusion Mod E-Cart Sql Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499835/100/0/threaded"
}
]
}
}

190
2009/1xxx/CVE-2009-1161.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-1161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
},
{
"name" : "JVN#62527913",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN62527913/index.html"
},
{
"name" : "JVNDB-2009-000032",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
},
{
"name" : "35040",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35040"
},
{
"name" : "54616",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54616"
},
{
"name" : "1022263",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022263"
},
{
"name" : "35179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35179"
},
{
"name" : "ADV-2009-1390",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1390"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2009-000032",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000032.html"
},
{
"name": "20090520 CiscoWorks TFTP Directory Traversal Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ab7b56.shtml"
},
{
"name": "35040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35040"
},
{
"name": "JVN#62527913",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN62527913/index.html"
},
{
"name": "54616",
"refsource": "OSVDB",
"url": "http://osvdb.org/54616"
},
{
"name": "1022263",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022263"
},
{
"name": "ADV-2009-1390",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1390"
},
{
"name": "35179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35179"
}
]
}
}

150
2009/1xxx/CVE-2009-1368.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1368",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8394",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8394"
},
{
"name" : "http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog",
"refsource" : "CONFIRM",
"url" : "http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog"
},
{
"name" : "34474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34474"
},
{
"name" : "mozilocms-index-file-include(49813)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49813"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in moziloCMS 1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this might be the same issue as CVE-2008-6126.2, which may have been fixed in 1.10.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog",
"refsource": "CONFIRM",
"url": "http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog"
},
{
"name": "8394",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8394"
},
{
"name": "34474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34474"
},
{
"name": "mozilocms-index-file-include(49813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49813"
}
]
}
}

140
2009/1xxx/CVE-2009-1764.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8726",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8726"
},
{
"name" : "34981",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34981"
},
{
"name" : "maxcms-ajax-sql-injection(50553)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8726",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8726"
},
{
"name": "34981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34981"
},
{
"name": "maxcms-ajax-sql-injection(50553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50553"
}
]
}
}

34
2009/1xxx/CVE-2009-1793.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1793",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1793",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

390
2012/0xxx/CVE-2012-0501.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0501",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name" : "DSA-2420",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2420"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBUX02757",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
},
{
"name" : "HPSBUX02760",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2"
},
{
"name" : "HPSBUX02784",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
},
{
"name" : "SSRT100779",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
},
{
"name" : "SSRT100805",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133365109612558&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "SSRT100871",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "RHSA-2012:0508",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name" : "RHSA-2012:0514",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0514.html"
},
{
"name" : "SUSE-SU-2012:0602",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name" : "SUSE-SU-2012:0603",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html"
},
{
"name" : "52013",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52013"
},
{
"name" : "oval:org.mitre.oval:def:15069",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15069"
},
{
"name" : "48589",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48589"
},
{
"name" : "48692",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48692"
},
{
"name" : "48915",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48915"
},
{
"name" : "48948",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48948"
},
{
"name" : "48950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48950"
},
{
"name" : "48073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48073"
},
{
"name" : "48074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48074"
},
{
"name": "HPSBUX02784",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html"
},
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "48692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48692"
},
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "48589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48589"
},
{
"name": "SSRT100805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2"
},
{
"name": "SUSE-SU-2012:0602",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "SUSE-SU-2012:0603",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html"
},
{
"name": "48073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48073"
},
{
"name": "48950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48950"
},
{
"name": "48948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48948"
},
{
"name": "52013",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52013"
},
{
"name": "SSRT100871",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133847939902305&w=2"
},
{
"name": "48915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48915"
},
{
"name": "HPSBUX02757",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
},
{
"name": "DSA-2420",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2420"
},
{
"name": "RHSA-2012:0508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0508.html"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "RHSA-2012:0514",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0514.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "oval:org.mitre.oval:def:15069",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15069"
},
{
"name": "HPSBUX02760",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133365109612558&w=2"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "SSRT100779",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133364885411663&w=2"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
}
]
}
}

160
2012/2xxx/CVE-2012-2580.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20360",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/20360"
},
{
"name" : "54909",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54909"
},
{
"name" : "84532",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/84532"
},
{
"name" : "50207",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50207"
},
{
"name" : "postie-wordpress-xss(77537)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77537"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84532",
"refsource": "OSVDB",
"url": "http://osvdb.org/84532"
},
{
"name": "postie-wordpress-xss(77537)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77537"
},
{
"name": "50207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50207"
},
{
"name": "54909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54909"
},
{
"name": "20360",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20360"
}
]
}
}

170
2012/2xxx/CVE-2012-2680.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2680",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) \"web pages,\" (2) \"export functionality,\" and (3) \"image viewing.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421",
"refsource" : "MISC",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421"
},
{
"name" : "RHSA-2012:1278",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name" : "RHSA-2012:1281",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name" : "55618",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55618"
},
{
"name" : "50660",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50660"
},
{
"name" : "cumin-redhat-sec-bypass(78770)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) \"web pages,\" (2) \"export functionality,\" and (3) \"image viewing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421",
"refsource": "MISC",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=829421"
},
{
"name": "55618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "RHSA-2012:1278",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "cumin-redhat-sec-bypass(78770)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78770"
},
{
"name": "RHSA-2012:1281",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50660"
}
]
}
}

34
2012/2xxx/CVE-2012-2809.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2809",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2809",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2012/2xxx/CVE-2012-2816.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2816",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=119150",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=119150"
},
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=119250",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=119250"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
},
{
"name" : "openSUSE-SU-2012:0813",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/15075728"
},
{
"name" : "oval:org.mitre.oval:def:15591",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15591"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0813",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15075728"
},
{
"name": "oval:org.mitre.oval:def:15591",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15591"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=119250",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=119250"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=119150",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=119150"
}
]
}
}

210
2012/3xxx/CVE-2012-3167.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3167",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "DSA-2581",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2581"
},
{
"name" : "GLSA-201308-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "RHSA-2012:1462",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name" : "USN-1621-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1621-1"
},
{
"name" : "51309",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51309"
},
{
"name" : "51177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51177"
},
{
"name" : "53372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53372"
},
{
"name" : "mysqlserver-serverfulltextsearch-dos(79392)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79392"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51177"
},
{
"name": "RHSA-2012:1462",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "mysqlserver-serverfulltextsearch-dos(79392)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79392"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "DSA-2581",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2581"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "51309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51309"
},
{
"name": "USN-1621-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1621-1"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2012/3xxx/CVE-2012-3199.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "56052",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56052"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "56052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56052"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

210
2012/3xxx/CVE-2012-3355.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120625 CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/25/5"
},
{
"name" : "[oss-security] 20120625 Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/25/7"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673"
},
{
"name" : "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html",
"refsource" : "MISC",
"url" : "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=678661",
"refsource" : "MISC",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=678661"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=835076",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=835076"
},
{
"name" : "openSUSE-SU-2012:0954",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/15351848"
},
{
"name" : "USN-1503-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1503-1"
},
{
"name" : "54186",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54186"
},
{
"name" : "rhythmbox-template-symlink(76538)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76538"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=678661",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=678661"
},
{
"name": "[oss-security] 20120625 CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/25/5"
},
{
"name": "openSUSE-SU-2012:0954",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15351848"
},
{
"name": "[oss-security] 20120625 Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/25/7"
},
{
"name": "54186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54186"
},
{
"name": "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html",
"refsource": "MISC",
"url": "http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673"
},
{
"name": "USN-1503-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1503-1"
},
{
"name": "rhythmbox-template-symlink(76538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76538"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=835076",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=835076"
}
]
}
}

130
2012/3xxx/CVE-2012-3454.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120803 CVE ASSIGNMENT: extplorer: creates world writable directory /var/lib/extplorer/ftp_tmp",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/03/7"
},
{
"name" : "54801",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54801",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54801"
},
{
"name": "[oss-security] 20120803 CVE ASSIGNMENT: extplorer: creates world writable directory /var/lib/extplorer/ftp_tmp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/03/7"
}
]
}
}

200
2012/3xxx/CVE-2012-3493.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3493",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120920 Notification of upstream Condor security fixes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=848222",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=848222"
},
{
"name" : "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=d2f33972",
"refsource" : "CONFIRM",
"url" : "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=d2f33972"
},
{
"name" : "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html",
"refsource" : "CONFIRM",
"url" : "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"name" : "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html",
"refsource" : "CONFIRM",
"url" : "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name" : "RHSA-2012:1278",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name" : "RHSA-2012:1281",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name" : "55632",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55632"
},
{
"name" : "50666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50666"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "RHSA-2012:1281",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=d2f33972",
"refsource": "CONFIRM",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=d2f33972"
},
{
"name": "50666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50666"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=848222",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848222"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
]
}
}

34
2012/4xxx/CVE-2012-4134.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4134",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-4134",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

160
2012/4xxx/CVE-2012-4575.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121102 Re: CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/11/02/8"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692103",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692103"
},
{
"name" : "http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commit;h=4b92112b820830b30cd7bc91bef3dd8f35305525",
"refsource" : "CONFIRM",
"url" : "http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commit;h=4b92112b820830b30cd7bc91bef3dd8f35305525"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=872527",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=872527"
},
{
"name" : "56371",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56371"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56371"
},
{
"name": "http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commit;h=4b92112b820830b30cd7bc91bef3dd8f35305525",
"refsource": "CONFIRM",
"url": "http://git.postgresql.org/gitweb/?p=pgbouncer.git;a=commit;h=4b92112b820830b30cd7bc91bef3dd8f35305525"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=872527",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=872527"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692103",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692103"
},
{
"name": "[oss-security] 20121102 Re: CVE Request -- pgbouncer: DoS (pooler server shutdown) by adding database with large name",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/02/8"
}
]
}
}

200
2012/4xxx/CVE-2012-4930.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4930",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/",
"refsource" : "MISC",
"url" : "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"
},
{
"name" : "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html",
"refsource" : "MISC",
"url" : "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"
},
{
"name" : "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312",
"refsource" : "MISC",
"url" : "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"
},
{
"name" : "http://www.ekoparty.org/2012/thai-duong.php",
"refsource" : "MISC",
"url" : "http://www.ekoparty.org/2012/thai-duong.php"
},
{
"name" : "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091",
"refsource" : "MISC",
"url" : "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"
},
{
"name" : "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=857737",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=857737"
},
{
"name" : "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls",
"refsource" : "MISC",
"url" : "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"
},
{
"name" : "SUSE-SU-2012:1351",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a \"CRIME\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091",
"refsource": "MISC",
"url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"
},
{
"name": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312",
"refsource": "MISC",
"url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"
},
{
"name": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html",
"refsource": "MISC",
"url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"
},
{
"name": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls",
"refsource": "MISC",
"url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"
},
{
"name": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=857737",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=857737"
},
{
"name": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/",
"refsource": "MISC",
"url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"
},
{
"name": "SUSE-SU-2012:1351",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
},
{
"name": "http://www.ekoparty.org/2012/thai-duong.php",
"refsource": "MISC",
"url": "http://www.ekoparty.org/2012/thai-duong.php"
}
]
}
}

150
2012/6xxx/CVE-2012-6052.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-30.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-30.html"
},
{
"name" : "openSUSE-SU-2012:1633",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html"
},
{
"name" : "openSUSE-SU-2013:0151",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html"
},
{
"name" : "oval:org.mitre.oval:def:16040",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensitive hostname information by reading pcap-ng files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16040",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16040"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2012-30.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2012-30.html"
},
{
"name": "openSUSE-SU-2012:1633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html"
},
{
"name": "openSUSE-SU-2013:0151",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html"
}
]
}
}

180
2012/6xxx/CVE-2012-6109.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=895277",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=895277"
},
{
"name" : "https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ",
"refsource" : "MISC",
"url" : "https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"
},
{
"name" : "http://rack.github.com/",
"refsource" : "CONFIRM",
"url" : "http://rack.github.com/"
},
{
"name" : "https://github.com/rack/rack/blob/master/README.rdoc",
"refsource" : "CONFIRM",
"url" : "https://github.com/rack/rack/blob/master/README.rdoc"
},
{
"name" : "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5",
"refsource" : "CONFIRM",
"url" : "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5"
},
{
"name" : "RHSA-2013:0544",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
},
{
"name" : "RHSA-2013:0548",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=895277",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895277"
},
{
"name": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5",
"refsource": "CONFIRM",
"url": "https://github.com/rack/rack/commit/c9f65df37a151821eb88ddd1dc404b83e52c52d5"
},
{
"name": "http://rack.github.com/",
"refsource": "CONFIRM",
"url": "http://rack.github.com/"
},
{
"name": "https://github.com/rack/rack/blob/master/README.rdoc",
"refsource": "CONFIRM",
"url": "https://github.com/rack/rack/blob/master/README.rdoc"
},
{
"name": "https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ"
},
{
"name": "RHSA-2013:0548",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0548.html"
},
{
"name": "RHSA-2013:0544",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
}
]
}
}

34
2012/6xxx/CVE-2012-6416.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6416",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6416",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

34
2017/2xxx/CVE-2017-2017.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2017",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2017",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/2xxx/CVE-2017-2069.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2069",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2069",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

150
2017/2xxx/CVE-2017-2274.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WMR-433",
"version" : {
"version_data" : [
{
"version_value" : "firmware Ver.1.02 and earlier"
}
]
}
},
{
"product_name" : "WMR-433W",
"version" : {
"version_data" : [
{
"version_value" : "firmware Ver.1.40 and earlier"
}
]
}
}
]
},
"vendor_name" : "BUFFALO INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WMR-433",
"version": {
"version_data": [
{
"version_value": "firmware Ver.1.02 and earlier"
}
]
}
},
{
"product_name": "WMR-433W",
"version": {
"version_data": [
{
"version_value": "firmware Ver.1.40 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://buffalo.jp/support_s/s20170606.html",
"refsource" : "CONFIRM",
"url" : "http://buffalo.jp/support_s/s20170606.html"
},
{
"name" : "JVN#48413726",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN48413726/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://buffalo.jp/support_s/s20170606.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20170606.html"
},
{
"name": "JVN#48413726",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN48413726/index.html"
}
]
}
}

142
2017/2xxx/CVE-2017-2816.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-09-13T00:00:00",
"ID" : "CVE-2017-2816",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LibOfx",
"version" : {
"version_data" : [
{
"version_value" : "0.9.11"
}
]
}
}
]
},
"vendor_name" : "LibOFX"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-09-13T00:00:00",
"ID": "CVE-2017-2816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LibOfx",
"version": {
"version_data": [
{
"version_value": "0.9.11"
}
]
}
}
]
},
"vendor_name": "LibOFX"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20171126 [SECURITY] [DLA 1192-1] libofx security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html"
},
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317"
},
{
"name" : "100828",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100828"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171126 [SECURITY] [DLA 1192-1] libofx security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00038.html"
},
{
"name": "100828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100828"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317"
}
]
}
}

130
2017/2xxx/CVE-2017-2972.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-2972",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-2972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
},
{
"name" : "95690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95690"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95690"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
}
]
}
}

130
2017/6xxx/CVE-2017-6003.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.yiwang6.cn/dotcms.docx",
"refsource" : "MISC",
"url" : "http://www.yiwang6.cn/dotcms.docx"
},
{
"name" : "97089",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97089"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language in portal/layout via the bottom two form fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97089"
},
{
"name": "http://www.yiwang6.cn/dotcms.docx",
"refsource": "MISC",
"url": "http://www.yiwang6.cn/dotcms.docx"
}
]
}
}

142
2017/6xxx/CVE-2017-6782.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2017-08-16T00:00:00",
"ID" : "CVE-2017-6782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Prime Infrastructure",
"version" : {
"version_data" : [
{
"version_value" : "3.2(0.0)"
}
]
}
}
]
},
"vendor_name" : "Cisco Systems, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "HTML injection"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2017-08-16T00:00:00",
"ID": "CVE-2017-6782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prime Infrastructure",
"version": {
"version_data": [
{
"version_value": "3.2(0.0)"
}
]
}
}
]
},
"vendor_name": "Cisco Systems, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20170816 Cisco Prime Infrastructure HTML Injection Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi"
},
{
"name" : "100366",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100366"
},
{
"name" : "1039189",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039189"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the administrative web interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to modify a page in the web interface of the affected application. The vulnerability is due to improper sanitization of parameter values by the affected application. An attacker could exploit this vulnerability by injecting malicious code into an affected parameter and persuading a user to access a web page that triggers the rendering of the injected code. Cisco Bug IDs: CSCve47074. Known Affected Releases: 3.2(0.0)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTML injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039189"
},
{
"name": "100366",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100366"
},
{
"name": "20170816 Cisco Prime Infrastructure HTML Injection Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cpi"
}
]
}
}

162
2018/11xxx/CVE-2018-11040.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-06-14T04:00:00.000Z",
"ID" : "CVE-2018-11040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Spring Framework",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "5.0.x",
"version_value" : "5.0.7"
},
{
"affected" : "<",
"version_name" : "4.3.x ",
"version_value" : "4.3.18"
}
]
}
}
]
},
"vendor_name" : "Pivotal"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "JSONP enabled by default in MappingJackson2JsonView"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-06-14T04:00:00.000Z",
"ID": "CVE-2018-11040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "5.0.x",
"version_value": "5.0.7"
},
{
"affected": "<",
"version_name": "4.3.x ",
"version_value": "4.3.18"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2018-11040",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-11040"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the \"jsonp\" and \"callback\" JSONP parameters, enabling cross-domain requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JSONP enabled by default in MappingJackson2JsonView"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-11040",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-11040"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

34
2018/11xxx/CVE-2018-11253.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11253",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11253",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/11xxx/CVE-2018-11381.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3"
},
{
"name" : "https://github.com/radare/radare2/issues/9902",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9902"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/commit/3fcf41ed96ffa25b38029449520c8d0a198745f3"
},
{
"name": "https://github.com/radare/radare2/issues/9902",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/issues/9902"
}
]
}
}

140
2018/14xxx/CVE-2018-14071.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt",
"refsource" : "MISC",
"url" : "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt"
},
{
"name" : "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f",
"refsource" : "MISC",
"url" : "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f"
},
{
"name" : "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817",
"refsource" : "MISC",
"url" : "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817",
"refsource": "MISC",
"url": "https://github.com/cyberhobo/wordpress-geo-mashup/issues/817"
},
{
"name": "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f",
"refsource": "MISC",
"url": "https://github.com/cyberhobo/wordpress-geo-mashup/commit/838e2fe15a2328f5ae3dfc75d90e420509286f2f"
},
{
"name": "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt",
"refsource": "MISC",
"url": "https://github.com/cyberhobo/wordpress-geo-mashup/blob/master/readme.txt"
}
]
}
}

130
2018/14xxx/CVE-2018-14371.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
"refsource" : "CONFIRM",
"url" : "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24"
},
{
"name" : "https://github.com/javaserverfaces/mojarra/issues/4364",
"refsource" : "CONFIRM",
"url" : "https://github.com/javaserverfaces/mojarra/issues/4364"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Java bytecodes from applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/javaserverfaces/mojarra/issues/4364",
"refsource": "CONFIRM",
"url": "https://github.com/javaserverfaces/mojarra/issues/4364"
},
{
"name": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24",
"refsource": "CONFIRM",
"url": "https://github.com/eclipse-ee4j/mojarra/commit/1b434748d9239f42eae8aa7d37d7a0930c061e24"
}
]
}
}

34
2018/14xxx/CVE-2018-14671.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14671",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14671",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/14xxx/CVE-2018-14852.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14852.md",
"refsource" : "MISC",
"url" : "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14852.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14852.md",
"refsource": "MISC",
"url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14852.md"
}
]
}
}

120
2018/15xxx/CVE-2018-15587.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=796424",
"refsource" : "MISC",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=796424"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a valid signature from the entity to be impersonated as an attachment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=796424",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=796424"
}
]
}
}

120
2018/15xxx/CVE-2018-15670.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://versprite.com/advisories/airmail-3-for-mac-4/",
"refsource" : "MISC",
"url" : "https://versprite.com/advisories/airmail-3-for-mac-4/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements \"webView:decidePolicyForNavigationAction:request:frame:decisionListener:\" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker may abuse HTML elements with an EventHandler for a chance to validate navigation requests for URLs that are processed during the NX_LMOUSEUP event triggered by clicking an email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://versprite.com/advisories/airmail-3-for-mac-4/",
"refsource": "MISC",
"url": "https://versprite.com/advisories/airmail-3-for-mac-4/"
}
]
}
}

34
2018/15xxx/CVE-2018-15915.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15915",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15915",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/20xxx/CVE-2018-20076.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20076",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20076",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2018/20xxx/CVE-2018-20147.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"
},
{
"name" : "https://codex.wordpress.org/Version_4.9.9",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.9.9"
},
{
"name" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
},
{
"name" : "https://wordpress.org/support/wordpress-version/version-5-0-1/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/wordpress-version/version-5-0-1/"
},
{
"name" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
"refsource" : "MISC",
"url" : "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/9169",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/9169"
},
{
"name" : "DSA-4401",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4401"
},
{
"name" : "106220",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106220"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9169",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9169"
},
{
"name": "106220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106220"
},
{
"name": "https://wordpress.org/support/wordpress-version/version-5-0-1/",
"refsource": "MISC",
"url": "https://wordpress.org/support/wordpress-version/version-5-0-1/"
},
{
"name": "https://codex.wordpress.org/Version_4.9.9",
"refsource": "MISC",
"url": "https://codex.wordpress.org/Version_4.9.9"
},
{
"name": "DSA-4401",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4401"
},
{
"name": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/",
"refsource": "MISC",
"url": "https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/"
},
{
"name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1673-1] wordpress security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00019.html"
},
{
"name": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/",
"refsource": "MISC",
"url": "https://www.zdnet.com/article/wordpress-plugs-bug-that-led-to-google-indexing-some-user-passwords/"
}
]
}
}

34
2018/20xxx/CVE-2018-20804.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20804",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20804",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8143.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8143",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8143",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}