admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:47:56 +00:00
parent a538ae534e
commit 51c50c6287
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3363 additions and 3358 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2002/0xxx/CVE-2002-0320.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020221 Remote crashes in Yahoo messenger",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101439616623230&w=2"
},
{
"name" : "CA-2002-16",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2002-16.html"
},
{
"name" : "VU#419419",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/419419"
},
{
"name" : "VU#887319",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/887319"
},
{
"name" : "yahoo-messenger-message-bo(8264)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8264.php"
},
{
"name" : "yahoo-messenger-imvironment-bo(8265)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8265.php"
},
{
"name" : "4162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4162"
},
{
"name" : "4163",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4163"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) message or (2) IMvironment field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4162"
},
{
"name": "VU#887319",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/887319"
},
{
"name": "CA-2002-16",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-16.html"
},
{
"name": "20020221 Remote crashes in Yahoo messenger",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101439616623230&w=2"
},
{
"name": "VU#419419",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/419419"
},
{
"name": "yahoo-messenger-imvironment-bo(8265)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8265.php"
},
{
"name": "yahoo-messenger-message-bo(8264)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8264.php"
},
{
"name": "4163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4163"
}
]
}
}

150
2002/0xxx/CVE-2002-0334.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020227 Remote exploit against xtelld and other fun",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101494896516467&w=2"
},
{
"name" : "DSA-121",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-121"
},
{
"name" : "4197",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4197"
},
{
"name" : "xtell-log-symlink(8314)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8314.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4197"
},
{
"name": "20020227 Remote exploit against xtelld and other fun",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101494896516467&w=2"
},
{
"name": "xtell-log-symlink(8314)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8314.php"
},
{
"name": "DSA-121",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-121"
}
]
}
}

140
2002/0xxx/CVE-2002-0478.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0478",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020320 Default SNMP configuration issue with Foundry Networks EdgeIron 4802F",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101666425609914&w=2"
},
{
"name" : "edgelron-default-snmp-string(8592)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8592.php"
},
{
"name" : "4330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4330"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4330"
},
{
"name": "edgelron-default-snmp-string(8592)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8592.php"
},
{
"name": "20020320 Default SNMP configuration issue with Foundry Networks EdgeIron 4802F",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101666425609914&w=2"
}
]
}
}

150
2002/0xxx/CVE-2002-0607.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020419 Snitz Forums 2000 remote SQL query manipulation vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0279.html"
},
{
"name" : "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770",
"refsource" : "CONFIRM",
"url" : "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770"
},
{
"name" : "snitz-members-sql-injection(8898)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8898.php"
},
{
"name" : "4558",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4558"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4558"
},
{
"name": "snitz-members-sql-injection(8898)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8898.php"
},
{
"name": "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770",
"refsource": "CONFIRM",
"url": "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=26770"
},
{
"name": "20020419 Snitz Forums 2000 remote SQL query manipulation vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0279.html"
}
]
}
}

120
2002/0xxx/CVE-2002-0870.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020814 Cisco Content Service Switch 11000 Series Web Management Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020814 Cisco Content Service Switch 11000 Series Web Management Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml"
}
]
}
}

150
2002/1xxx/CVE-2002-1322.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021122 ClearCase DoS vulnerabilty",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103808239618238&w=2"
},
{
"name" : "20021122 ClearCase DoS vulnerabilty",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0084.html"
},
{
"name" : "6228",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6228"
},
{
"name" : "clearcase-tcp-scan-dos(10675)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10675"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021122 ClearCase DoS vulnerabilty",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103808239618238&w=2"
},
{
"name": "20021122 ClearCase DoS vulnerabilty",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0084.html"
},
{
"name": "6228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6228"
},
{
"name": "clearcase-tcp-scan-dos(10675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10675"
}
]
}
}

150
2002/1xxx/CVE-2002-1717.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1717",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020210 This is the CORRECTED POST please ignore the one befor same subject MULTIPLE Remote Issues with II5.1 on Windows XP",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/255555"
},
{
"name" : "20020212 Re: This is the CORRECTED POST please ignore the one befor same subject MULTIPLE Remote Issues with II5.1 on Windows XP",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/256125"
},
{
"name" : "4078",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4078"
},
{
"name" : "iis-cnf-reveal-information(8174)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8174"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Information Server (IIS) 5.1 allows remote attackers to view path information via a GET request to (1) /_vti_pvt/access.cnf, (2) /_vti_pvt/botinfs.cnf, (3) /_vti_pvt/bots.cnf, or (4) /_vti_pvt/linkinfo.cnf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020212 Re: This is the CORRECTED POST please ignore the one befor same subject MULTIPLE Remote Issues with II5.1 on Windows XP",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/256125"
},
{
"name": "iis-cnf-reveal-information(8174)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8174"
},
{
"name": "4078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4078"
},
{
"name": "20020210 This is the CORRECTED POST please ignore the one befor same subject MULTIPLE Remote Issues with II5.1 on Windows XP",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/255555"
}
]
}
}

140
2002/1xxx/CVE-2002-1866.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1866",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descriptors for 404 error messages, which could allow remote attackers to cause a denial of service (file descriptor exhaustion) via multiple requests for pages that do not exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020903 Re: SWS Web Server v0.1.0 Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html"
},
{
"name" : "5659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5659"
},
{
"name" : "sws-webserver-invalid-file-dos(10071)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10071.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descriptors for 404 error messages, which could allow remote attackers to cause a denial of service (file descriptor exhaustion) via multiple requests for pages that do not exist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5659"
},
{
"name": "sws-webserver-invalid-file-dos(10071)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10071.php"
},
{
"name": "20020903 Re: SWS Web Server v0.1.0 Exploit",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html"
}
]
}
}

160
2002/2xxx/CVE-2002-2303.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021202 ShopFactory shopping cart price manipulation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/301863"
},
{
"name" : "20030305 shopfactory shopping cart",
"refsource" : "BUGTRAQ",
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00081.html"
},
{
"name" : "6296",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6296"
},
{
"name" : "3263",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3263"
},
{
"name" : "shopfactory-price-modification(10746)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10746"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "shopfactory-price-modification(10746)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10746"
},
{
"name": "20030305 shopfactory shopping cart",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00081.html"
},
{
"name": "3263",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3263"
},
{
"name": "20021202 ShopFactory shopping cart price manipulation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/301863"
},
{
"name": "6296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6296"
}
]
}
}

160
2003/0xxx/CVE-2003-0153.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102980129101054&w=2"
},
{
"name" : "DSA-265",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-265"
},
{
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=187230",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=187230"
},
{
"name" : "5517",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5517"
},
{
"name" : "bonsai-path-disclosure(9921)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9921"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102980129101054&w=2"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=187230",
"refsource": "CONFIRM",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=187230"
},
{
"name": "DSA-265",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-265"
},
{
"name": "bonsai-path-disclosure(9921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9921"
},
{
"name": "5517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5517"
}
]
}
}

120
2003/0xxx/CVE-2003-0764.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106312344631197&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106312344631197&w=2"
}
]
}
}

170
2009/1xxx/CVE-2009-1056.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by \"forcefully browsing.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PK79991",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK79991"
},
{
"name" : "34163",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34163"
},
{
"name" : "52764",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52764"
},
{
"name" : "1021863",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021863"
},
{
"name" : "34349",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34349"
},
{
"name" : "ADV-2009-0768",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0768"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by \"forcefully browsing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34349"
},
{
"name": "1021863",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021863"
},
{
"name": "52764",
"refsource": "OSVDB",
"url": "http://osvdb.org/52764"
},
{
"name": "PK79991",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK79991"
},
{
"name": "34163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34163"
},
{
"name": "ADV-2009-0768",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0768"
}
]
}
}

150
2009/1xxx/CVE-2009-1351.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8451",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8451"
},
{
"name" : "34554",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34554"
},
{
"name" : "53770",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53770"
},
{
"name" : "34050",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8451",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8451"
},
{
"name": "53770",
"refsource": "OSVDB",
"url": "http://osvdb.org/53770"
},
{
"name": "34554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34554"
},
{
"name": "34050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34050"
}
]
}
}

150
2009/1xxx/CVE-2009-1777.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1777",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090512 FormMail 1.92 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503446/100/0/threaded"
},
{
"name" : "http://www.ush.it/team/ush/hack-formmail_192/adv.txt",
"refsource" : "MISC",
"url" : "http://www.ush.it/team/ush/hack-formmail_192/adv.txt"
},
{
"name" : "34929",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34929"
},
{
"name" : "35068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35068"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the redirect parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ush.it/team/ush/hack-formmail_192/adv.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ush/hack-formmail_192/adv.txt"
},
{
"name": "20090512 FormMail 1.92 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503446/100/0/threaded"
},
{
"name": "34929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34929"
},
{
"name": "35068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35068"
}
]
}
}

130
2009/1xxx/CVE-2009-1822.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1822",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8697",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8697"
},
{
"name" : "34986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34986"
},
{
"name": "8697",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8697"
}
]
}
}

140
2012/0xxx/CVE-2012-0145.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in wizardlist.aspx Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-0145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-011",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011"
},
{
"name" : "TA12-045A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-045A.html"
},
{
"name" : "oval:org.mitre.oval:def:14826",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in wizardlist.aspx Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-045A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html"
},
{
"name": "oval:org.mitre.oval:def:14826",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14826"
},
{
"name": "MS12-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011"
}
]
}
}

180
2012/0xxx/CVE-2012-0488.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name" : "GLSA-201308-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name" : "USN-1397-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name" : "51506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51506"
},
{
"name" : "78386",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78386"
},
{
"name" : "53372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53372"
},
{
"name" : "mysql-serveruns7-dos(72529)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "mysql-serveruns7-dos(72529)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72529"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "51506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51506"
},
{
"name": "78386",
"refsource": "OSVDB",
"url": "http://osvdb.org/78386"
}
]
}
}

160
2012/1xxx/CVE-2012-1015.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt"
},
{
"name" : "DSA-2518",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2518"
},
{
"name" : "MDVSA-2012:120",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:120"
},
{
"name" : "RHSA-2012:1131",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1131.html"
},
{
"name" : "openSUSE-SU-2012:0967",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00016.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt"
},
{
"name": "RHSA-2012:1131",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1131.html"
},
{
"name": "openSUSE-SU-2012:0967",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00016.html"
},
{
"name": "DSA-2518",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2518"
},
{
"name": "MDVSA-2012:120",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:120"
}
]
}
}

130
2012/3xxx/CVE-2012-3185.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3186."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3186."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

200
2012/3xxx/CVE-2012-3632.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3632",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5502",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5502"
},
{
"name" : "http://support.apple.com/kb/HT5642",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5642"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name" : "APPLE-SA-2013-01-28-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
},
{
"name" : "55534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55534"
},
{
"name" : "oval:org.mitre.oval:def:16768",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16768"
},
{
"name" : "apple-itunes-webkit-cve20123632(78540)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "http://support.apple.com/kb/HT5642",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5642"
},
{
"name": "http://support.apple.com/kb/HT5502",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5502"
},
{
"name": "55534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55534"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "apple-itunes-webkit-cve20123632(78540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78540"
},
{
"name": "oval:org.mitre.oval:def:16768",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16768"
},
{
"name": "APPLE-SA-2013-01-28-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html"
}
]
}
}

180
2012/3xxx/CVE-2012-3952.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3952",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120808 Multiple Vulnerabilities in phpList",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23100",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23100"
},
{
"name" : "http://www.phplist.com/?lid=579",
"refsource" : "CONFIRM",
"url" : "http://www.phplist.com/?lid=579"
},
{
"name" : "54887",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54887"
},
{
"name" : "84482",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/84482"
},
{
"name" : "50150",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50150"
},
{
"name" : "phplist-unconfirmed-xss(77526)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77526"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phplist.com/?lid=579",
"refsource": "CONFIRM",
"url": "http://www.phplist.com/?lid=579"
},
{
"name": "https://www.htbridge.com/advisory/HTB23100",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23100"
},
{
"name": "phplist-unconfirmed-xss(77526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77526"
},
{
"name": "54887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54887"
},
{
"name": "20120808 Multiple Vulnerabilities in phpList",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0059.html"
},
{
"name": "50150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50150"
},
{
"name": "84482",
"refsource": "OSVDB",
"url": "http://osvdb.org/84482"
}
]
}
}

140
2012/4xxx/CVE-2012-4390.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name" : "http://owncloud.org/changelog/",
"refsource" : "CONFIRM",
"url" : "http://owncloud.org/changelog/"
},
{
"name" : "https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707",
"refsource" : "CONFIRM",
"url" : "https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
}
]
}
}

34
2012/4xxx/CVE-2012-4438.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4438",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4438",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2012/4xxx/CVE-2012-4574.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4574",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=872487",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=872487"
},
{
"name" : "RHSA-2012:1543",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1543.html"
},
{
"name" : "56819",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56819"
},
{
"name" : "88138",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88138"
},
{
"name" : "51472",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51472"
},
{
"name" : "cloudforms-pulpconf-info-disc(80548)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80548"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cloudforms-pulpconf-info-disc(80548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80548"
},
{
"name": "88138",
"refsource": "OSVDB",
"url": "http://osvdb.org/88138"
},
{
"name": "51472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51472"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=872487",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=872487"
},
{
"name": "RHSA-2012:1543",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html"
},
{
"name": "56819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56819"
}
]
}
}

130
2012/4xxx/CVE-2012-4921.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-4921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "89441",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/89441"
},
{
"name" : "51531",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS Custom Notification plugin 1.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change application settings or (2) conduct cross-site scripting (XSS) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51531"
},
{
"name": "89441",
"refsource": "OSVDB",
"url": "http://osvdb.org/89441"
}
]
}
}

34
2012/6xxx/CVE-2012-6126.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6126",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4525, CVE-2012-4526. Reason: This candidate is a duplicate of CVE-2012-4525 and CVE-2012-4526. Notes: All CVE users should reference CVE-2012-4525 and/or CVE-2012-4526 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6126",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4525, CVE-2012-4526. Reason: This candidate is a duplicate of CVE-2012-4525 and CVE-2012-4526. Notes: All CVE users should reference CVE-2012-4525 and/or CVE-2012-4526 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

34
2012/6xxx/CVE-2012-6205.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6205",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6205",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

120
2012/6xxx/CVE-2012-6325.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2012-0018.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not properly parse XML documents, which allows remote authenticated users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0018.html"
}
]
}
}

140
2017/2xxx/CVE-2017-2184.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HOME SPOT CUBE2",
"version" : {
"version_data" : [
{
"version_value" : "firmware V101 and earlier"
}
]
}
}
]
},
"vendor_name" : "KDDI CORPORATION"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HOME SPOT CUBE2",
"version": {
"version_data": [
{
"version_value": "firmware V101 and earlier"
}
]
}
}
]
},
"vendor_name": "KDDI CORPORATION"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
"refsource" : "CONFIRM",
"url" : "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name" : "JVN#24348065",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN24348065/index.html"
},
{
"name" : "99282",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
"refsource": "CONFIRM",
"url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
},
{
"name": "99282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99282"
},
{
"name": "JVN#24348065",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN24348065/index.html"
}
]
}
}

140
2017/2xxx/CVE-2017-2801.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2017-2801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Botan",
"version" : {
"version_data" : [
{
"version_value" : "2.0.1"
}
]
}
}
]
},
"vendor_name" : "Randombit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Certificate validation bypass"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Botan",
"version": {
"version_data": [
{
"version_value": "2.0.1"
}
]
}
}
]
},
"vendor_name": "Randombit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://talosintelligence.com/vulnerability_reports/TALOS-2017-0294",
"refsource" : "MISC",
"url" : "http://talosintelligence.com/vulnerability_reports/TALOS-2017-0294"
},
{
"name" : "DSA-3939",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3939"
},
{
"name" : "98106",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in order to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Certificate validation bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98106"
},
{
"name": "DSA-3939",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3939"
},
{
"name": "http://talosintelligence.com/vulnerability_reports/TALOS-2017-0294",
"refsource": "MISC",
"url": "http://talosintelligence.com/vulnerability_reports/TALOS-2017-0294"
}
]
}
}

140
2017/2xxx/CVE-2017-2971.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-2971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-2971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0259/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0259/"
},
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
},
{
"name" : "95690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95690"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95690"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0259/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0259/"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
}
]
}
}

160
2017/6xxx/CVE-2017-6429.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20170306 CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/540221/100/0/threaded"
},
{
"name" : "https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9",
"refsource" : "CONFIRM",
"url" : "https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9"
},
{
"name" : "https://github.com/appneta/tcpreplay/issues/278",
"refsource" : "CONFIRM",
"url" : "https://github.com/appneta/tcpreplay/issues/278"
},
{
"name" : "https://github.com/appneta/tcpreplay/releases/tag/v4.2.0-beta1",
"refsource" : "CONFIRM",
"url" : "https://github.com/appneta/tcpreplay/releases/tag/v4.2.0-beta1"
},
{
"name" : "96579",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96579"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170306 CVE-2017-6429: Buffer overflow vulnerability in Tcpreplay tcpcapinfo utility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540221/100/0/threaded"
},
{
"name": "https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9",
"refsource": "CONFIRM",
"url": "https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9"
},
{
"name": "96579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96579"
},
{
"name": "https://github.com/appneta/tcpreplay/issues/278",
"refsource": "CONFIRM",
"url": "https://github.com/appneta/tcpreplay/issues/278"
},
{
"name": "https://github.com/appneta/tcpreplay/releases/tag/v4.2.0-beta1",
"refsource": "CONFIRM",
"url": "https://github.com/appneta/tcpreplay/releases/tag/v4.2.0-beta1"
}
]
}
}

130
2017/6xxx/CVE-2017-6446.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6446",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://dev.dotclear.org/2.0/changeset/1e44804e7c85b45f42245111c8c0de100a2ff6e3",
"refsource" : "CONFIRM",
"url" : "https://dev.dotclear.org/2.0/changeset/1e44804e7c85b45f42245111c8c0de100a2ff6e3"
},
{
"name" : "96575",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96575"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96575",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96575"
},
{
"name": "https://dev.dotclear.org/2.0/changeset/1e44804e7c85b45f42245111c8c0de100a2ff6e3",
"refsource": "CONFIRM",
"url": "https://dev.dotclear.org/2.0/changeset/1e44804e7c85b45f42245111c8c0de100a2ff6e3"
}
]
}
}

130
2017/6xxx/CVE-2017-6694.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Ultra Services Platform",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Ultra Services Platform"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Ultra Services Platform",
"version": {
"version_data": [
{
"version_value": "Cisco Ultra Services Platform"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1"
},
{
"name" : "98972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98972"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usp1"
}
]
}
}

180
2017/6xxx/CVE-2017-6979.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-6979",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"IOSurface\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-6979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42555",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42555/"
},
{
"name" : "https://support.apple.com/HT207797",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207797"
},
{
"name" : "https://support.apple.com/HT207798",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207798"
},
{
"name" : "https://support.apple.com/HT207800",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207800"
},
{
"name" : "https://support.apple.com/HT207801",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207801"
},
{
"name" : "98468",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98468"
},
{
"name" : "1038484",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"IOSurface\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
},
{
"name": "https://support.apple.com/HT207800",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207800"
},
{
"name": "98468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98468"
},
{
"name": "42555",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42555/"
},
{
"name": "https://support.apple.com/HT207798",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207798"
},
{
"name": "https://support.apple.com/HT207801",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207801"
}
]
}
}

130
2017/7xxx/CVE-2017-7388.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7388",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/micwallace/wallacepos/issues/84",
"refsource" : "CONFIRM",
"url" : "https://github.com/micwallace/wallacepos/issues/84"
},
{
"name" : "97316",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data (token) passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97316"
},
{
"name": "https://github.com/micwallace/wallacepos/issues/84",
"refsource": "CONFIRM",
"url": "https://github.com/micwallace/wallacepos/issues/84"
}
]
}
}

130
2018/10xxx/CVE-2018-10996.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/kgsdy/D-Link-DIR-629/blob/master/D-Link-DIR-629-B1.md",
"refsource" : "MISC",
"url" : "https://github.com/kgsdy/D-Link-DIR-629/blob/master/D-Link-DIR-629-B1.md"
},
{
"name" : "104277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104277"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout request involving a long REMOTE_ADDR environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104277"
},
{
"name": "https://github.com/kgsdy/D-Link-DIR-629/blob/master/D-Link-DIR-629-B1.md",
"refsource": "MISC",
"url": "https://github.com/kgsdy/D-Link-DIR-629/blob/master/D-Link-DIR-629-B1.md"
}
]
}
}

120
2018/11xxx/CVE-2018-11824.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11824",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stack-based Buffer Overflow in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

130
2018/14xxx/CVE-2018-14246.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the convertTocPDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6009."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-706",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-706"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the convertTocPDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-706",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-706"
}
]
}
}

155
2018/14xxx/CVE-2018-14612.json
View File

@ -1,77 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=199847",
"refsource" : "MISC",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=199847"
},
{
"name" : "https://patchwork.kernel.org/patch/10503403/",
"refsource" : "MISC",
"url" : "https://patchwork.kernel.org/patch/10503403/"
},
{
"name" : "https://patchwork.kernel.org/patch/10503413/",
"refsource" : "MISC",
"url" : "https://patchwork.kernel.org/patch/10503413/"
},
{
"name" : "104917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104917"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104917"
},
{
"name": "https://patchwork.kernel.org/patch/10503403/",
"refsource": "MISC",
"url": "https://patchwork.kernel.org/patch/10503403/"
},
{
"name": "https://patchwork.kernel.org/patch/10503413/",
"refsource": "MISC",
"url": "https://patchwork.kernel.org/patch/10503413/"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199847",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199847"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
}
]
}
}

34
2018/14xxx/CVE-2018-14871.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14871",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14871",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/14xxx/CVE-2018-14896.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14896",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14896",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15278.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15278",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15278",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

164
2018/15xxx/CVE-2018-15428.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-15428",
"STATE" : "PUBLIC",
"TITLE" : "Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IOS XR Software ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "6.8",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID": "CVE-2018-15428",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XR Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181003 Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos"
},
{
"name" : "1041790",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041790"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181003-iosxr-dos",
"defect" : [
[
"CSCvj58445"
]
],
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain BGP update messages. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.8",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181003 Cisco IOS XR Software Border Gateway Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-iosxr-dos"
},
{
"name": "1041790",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041790"
}
]
},
"source": {
"advisory": "cisco-sa-20181003-iosxr-dos",
"defect": [
[
"CSCvj58445"
]
],
"discovery": "UNKNOWN"
}
}

178
2018/15xxx/CVE-2018-15443.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-11-07T16:00:00-0600",
"ID" : "CVE-2018-15443",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Firepower Detection Engine TCP Intrusion Prevention System Rule Bypass Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Firepower Management Center ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "5.8",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-11-07T16:00:00-0600",
"ID": "CVE-2018-15443",
"STATE": "PUBLIC",
"TITLE": "Cisco Firepower Detection Engine TCP Intrusion Prevention System Rule Bypass Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Management Center ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181107 Cisco Firepower Detection Engine TCP Intrusion Prevention System Rule Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-fde-tcp-bypass"
},
{
"name" : "105870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105870"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181107-fde-tcp-bypass",
"defect" : [
[
"CSCvk76547"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects certain types of TCP traffic. The vulnerability is due to incorrect TCP retransmission handling. An attacker could exploit this vulnerability by sending a crafted TCP connection request through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "5.8",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181107 Cisco Firepower Detection Engine TCP Intrusion Prevention System Rule Bypass Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-fde-tcp-bypass"
},
{
"name": "105870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105870"
}
]
},
"source": {
"advisory": "cisco-sa-20181107-fde-tcp-bypass",
"defect": [
[
"CSCvk76547"
]
],
"discovery": "INTERNAL"
}
}

34
2018/15xxx/CVE-2018-15488.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15488",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15488",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/15xxx/CVE-2018-15973.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Experience Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.4, 6.3, 6.2, 6.1, and 6.0 versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stored Cross-site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Experience Manager",
"version": {
"version_data": [
{
"version_value": "6.4, 6.3, 6.2, 6.1, and 6.0 versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html"
},
{
"name" : "105578",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105578"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html"
},
{
"name": "105578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105578"
}
]
}
}

34
2018/20xxx/CVE-2018-20672.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20672",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20672",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/20xxx/CVE-2018-20726.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20726",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Cacti/cacti/blob/develop/CHANGELOG",
"refsource" : "MISC",
"url" : "https://github.com/Cacti/cacti/blob/develop/CHANGELOG"
},
{
"name" : "https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d",
"refsource" : "MISC",
"url" : "https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d"
},
{
"name" : "https://github.com/Cacti/cacti/issues/2213",
"refsource" : "MISC",
"url" : "https://github.com/Cacti/cacti/issues/2213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d",
"refsource": "MISC",
"url": "https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d"
},
{
"name": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG",
"refsource": "MISC",
"url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG"
},
{
"name": "https://github.com/Cacti/cacti/issues/2213",
"refsource": "MISC",
"url": "https://github.com/Cacti/cacti/issues/2213"
}
]
}
}

140
2018/9xxx/CVE-2018-9266.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14481",
"refsource" : "MISC",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14481"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9d3714e767cb104dcfa1647935fa5960b16bb8e1",
"refsource" : "MISC",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9d3714e767cb104dcfa1647935fa5960b16bb8e1"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-24.html",
"refsource" : "MISC",
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-24.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-24.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-24.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14481",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14481"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9d3714e767cb104dcfa1647935fa5960b16bb8e1",
"refsource": "MISC",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9d3714e767cb104dcfa1647935fa5960b16bb8e1"
}
]
}
}

34
2018/9xxx/CVE-2018-9299.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9299",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9299",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9399.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9399",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9399",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/9xxx/CVE-2018-9559.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2018-9559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112731440."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2018-9559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-12-01"
},
{
"name" : "106147",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112731440."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106147"
},
{
"name": "https://source.android.com/security/bulletin/2018-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-12-01"
}
]
}
}

34
2018/9xxx/CVE-2018-9828.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9828",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9828",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}