admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:00:51 +00:00
parent 5c34b6b676
commit 58c60530e5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3483 additions and 3483 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
2002/1xxx/CVE-2002-1589.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "48067",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-48067-1"
},
{
"name" : "6080",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6080"
},
{
"name" : "solaris-kmem-flags-dos(10496)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10496"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_DEADBEEF, or deadbeef) is set in the kmem_flags kernel parameter, allows local users to cause a denial of service (system panic)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48067",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-48067-1"
},
{
"name": "solaris-kmem-flags-dos(10496)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10496"
},
{
"name": "6080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6080"
}
]
}
}

118
2003/0xxx/CVE-2003-0313.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030516 Snowblind Web Server: multiple issues",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105311719128173&w=2"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030516 Snowblind Web Server: multiple issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105311719128173&w=2"
}
]
}
}

168
2003/0xxx/CVE-2003-0347.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030903 EEYE: VBE Document Property Buffer Overflow",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html"
},
{
"name" : "20030903 EEYE: VBE Document Property Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106262077829157&w=2"
},
{
"name" : "MS03-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037"
},
{
"name" : "VU#804780",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/804780"
},
{
"name" : "8534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8534"
},
{
"name" : "9666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/9666"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#804780",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/804780"
},
{
"name": "20030903 EEYE: VBE Document Property Buffer Overflow",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html"
},
{
"name": "9666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9666"
},
{
"name": "20030903 EEYE: VBE Document Property Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106262077829157&w=2"
},
{
"name": "8534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8534"
},
{
"name": "MS03-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037"
}
]
}
}

128
2003/0xxx/CVE-2003-0421.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0421",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html"
},
{
"name" : "http://www.rapid7.com/advisories/R7-0015.html",
"refsource" : "MISC",
"url" : "http://www.rapid7.com/advisories/R7-0015.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html"
},
{
"name": "http://www.rapid7.com/advisories/R7-0015.html",
"refsource": "MISC",
"url": "http://www.rapid7.com/advisories/R7-0015.html"
}
]
}
}

158
2003/0xxx/CVE-2003-0627.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0627",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html"
},
{
"name" : "20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html"
},
{
"name" : "9038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9038"
},
{
"name" : "10225",
"refsource" : "SECUNIA",
"url" : "http://www.secunia.com/advisories/10225/"
},
{
"name" : "peoplesoft-searchcgi-directory-traversal(13754)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13754"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html"
},
{
"name": "20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html"
},
{
"name": "10225",
"refsource": "SECUNIA",
"url": "http://www.secunia.com/advisories/10225/"
},
{
"name": "peoplesoft-searchcgi-directory-traversal(13754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13754"
},
{
"name": "9038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9038"
}
]
}
}

148
2003/1xxx/CVE-2003-1069.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "54181",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54181-1"
},
{
"name" : "7794",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7794"
},
{
"name" : "8935",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8935/"
},
{
"name" : "sun-intelnetd-dos(12140)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12140"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8935/"
},
{
"name": "7794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7794"
},
{
"name": "sun-intelnetd-dos(12140)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12140"
},
{
"name": "54181",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54181-1"
}
]
}
}

148
2003/1xxx/CVE-2003-1263.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030103 ical 3.7 remote dos",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0011.html"
},
{
"name" : "6505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6505"
},
{
"name" : "ical-icalexe-port-dos(10973)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10973.php"
},
{
"name" : "6506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6506"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6505"
},
{
"name": "ical-icalexe-port-dos(10973)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10973.php"
},
{
"name": "6506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6506"
},
{
"name": "20030103 ical 3.7 remote dos",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0011.html"
}
]
}
}

248
2003/1xxx/CVE-2003-1294.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2003-1294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/linux/download/updates/90_i386.html",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/linux/download/updates/90_i386.html"
},
{
"name" : "http://jwz.livejournal.com/310943.html",
"refsource" : "MISC",
"url" : "http://jwz.livejournal.com/310943.html"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm"
},
{
"name" : "RHSA-2006:0498",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0498.html"
},
{
"name" : "20060602-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"
},
{
"name" : "9125",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9125"
},
{
"name" : "oval:org.mitre.oval:def:10848",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10848"
},
{
"name" : "ADV-2006-1948",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1948"
},
{
"name" : "20224",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20224"
},
{
"name" : "20226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20226"
},
{
"name" : "20456",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20456"
},
{
"name" : "20782",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20782"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968"
},
{
"name": "oval:org.mitre.oval:def:10848",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10848"
},
{
"name": "20782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20782"
},
{
"name": "RHSA-2006:0498",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0498.html"
},
{
"name": "ADV-2006-1948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1948"
},
{
"name": "20224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20224"
},
{
"name": "9125",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9125"
},
{
"name": "20060602-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc"
},
{
"name": "20456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20456"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286"
},
{
"name": "http://www.novell.com/linux/download/updates/90_i386.html",
"refsource": "CONFIRM",
"url": "http://www.novell.com/linux/download/updates/90_i386.html"
},
{
"name": "http://jwz.livejournal.com/310943.html",
"refsource": "MISC",
"url": "http://jwz.livejournal.com/310943.html"
},
{
"name": "20226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20226"
}
]
}
}

158
2003/1xxx/CVE-2003-1499.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031019 ByteHoard Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0200.html"
},
{
"name" : "20031019 ByteHoard Directory Traversal Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012430.html"
},
{
"name" : "http://www.securiteam.com/unixfocus/6L00L008KE.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/unixfocus/6L00L008KE.html"
},
{
"name" : "8850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8850"
},
{
"name" : "bytehoard-dotdot-directory-traversal(13456)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13456"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031019 ByteHoard Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-10/0200.html"
},
{
"name": "8850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8850"
},
{
"name": "bytehoard-dotdot-directory-traversal(13456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13456"
},
{
"name": "http://www.securiteam.com/unixfocus/6L00L008KE.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/6L00L008KE.html"
},
{
"name": "20031019 ByteHoard Directory Traversal Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012430.html"
}
]
}
}

158
2004/0xxx/CVE-2004-0522.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-512",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-512"
},
{
"name" : "GLSA-200406-10",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200406-10.xml"
},
{
"name" : "10451",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10451"
},
{
"name" : "11752",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11752"
},
{
"name" : "gallery-user-bypass-authentication(16301)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16301"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-512",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-512"
},
{
"name": "10451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10451"
},
{
"name": "gallery-user-bypass-authentication(16301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16301"
},
{
"name": "11752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11752"
},
{
"name": "GLSA-200406-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200406-10.xml"
}
]
}
}

198
2004/2xxx/CVE-2004-2104.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040123 NetWare-Enterprise-Web-Server/5.1/6.0 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107487862304440&w=2"
},
{
"name" : "9479",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9479"
},
{
"name" : "3715",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3715"
},
{
"name" : "3720",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3720"
},
{
"name" : "3721",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3721"
},
{
"name" : "3722",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3722"
},
{
"name" : "4952",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4952"
},
{
"name" : "10711",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10711"
},
{
"name" : "netware-enterprise-path-disclosure(14921)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14921"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3720",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3720"
},
{
"name": "20040123 NetWare-Enterprise-Web-Server/5.1/6.0 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107487862304440&w=2"
},
{
"name": "10711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10711"
},
{
"name": "3721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3721"
},
{
"name": "4952",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4952"
},
{
"name": "netware-enterprise-path-disclosure(14921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14921"
},
{
"name": "3722",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3722"
},
{
"name": "9479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9479"
},
{
"name": "3715",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3715"
}
]
}
}

168
2004/2xxx/CVE-2004-2111.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040124 [SST]ServU MDTM command remote buffero verflow adv",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html"
},
{
"name" : "20040126 Serv-U ftp 4.2 site chmod long_file_name exploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107513654005840&w=2"
},
{
"name" : "9675",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9675"
},
{
"name" : "9483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9483"
},
{
"name" : "1008841",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1008841"
},
{
"name" : "servu-chmodcommand-execute-code(14931)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14931"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "servu-chmodcommand-execute-code(14931)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14931"
},
{
"name": "9483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9483"
},
{
"name": "1008841",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008841"
},
{
"name": "9675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9675"
},
{
"name": "20040126 Serv-U ftp 4.2 site chmod long_file_name exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107513654005840&w=2"
},
{
"name": "20040124 [SST]ServU MDTM command remote buffero verflow adv",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-01/0249.html"
}
]
}
}

158
2004/2xxx/CVE-2004-2624.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in \"TextSearch\" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the \"phrase\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wackowiki.com/WackoDownload/VersionHistory?v=yrv",
"refsource" : "CONFIRM",
"url" : "http://wackowiki.com/WackoDownload/VersionHistory?v=yrv"
},
{
"name" : "10860",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10860"
},
{
"name" : "8295",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8295"
},
{
"name" : "12209",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12209"
},
{
"name" : "wackowiki-text-search-xss(16878)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16878"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in \"TextSearch\" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the \"phrase\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8295",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8295"
},
{
"name": "12209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12209"
},
{
"name": "10860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10860"
},
{
"name": "wackowiki-text-search-xss(16878)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16878"
},
{
"name": "http://wackowiki.com/WackoDownload/VersionHistory?v=yrv",
"refsource": "CONFIRM",
"url": "http://wackowiki.com/WackoDownload/VersionHistory?v=yrv"
}
]
}
}

168
2004/2xxx/CVE-2004-2641.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2641",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57544-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57544-1"
},
{
"name" : "10189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10189"
},
{
"name" : "5577",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5577"
},
{
"name" : "1009888",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009888"
},
{
"name" : "11439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11439"
},
{
"name" : "sun-fire-ip-controller-dos(15925)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15925"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5577",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5577"
},
{
"name": "11439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11439"
},
{
"name": "10189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10189"
},
{
"name": "sun-fire-ip-controller-dos(15925)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15925"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57544-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57544-1"
},
{
"name": "1009888",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009888"
}
]
}
}

208
2008/2xxx/CVE-2008-2006.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080521 CORE-2008-0126: Multiple vulnerabilities in iCal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492414/100/0/threaded"
},
{
"name" : "20080527 Re: CORE-2008-0126: Multiple vulnerabilities in iCal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492638/100/100/threaded"
},
{
"name" : "20080528 Re: CORE-2008-0126: Multiple vulnerabilities in iCal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492682/100/0/threaded"
},
{
"name" : "http://www.coresecurity.com/?action=item&id=2219",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/?action=item&id=2219"
},
{
"name" : "28632",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28632"
},
{
"name" : "28629",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28629"
},
{
"name" : "1020094",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020094"
},
{
"name" : "ADV-2008-1601",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1601"
},
{
"name" : "3901",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3901"
},
{
"name" : "ical-trigger-dos(42569)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42569"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1601",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1601"
},
{
"name": "ical-trigger-dos(42569)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42569"
},
{
"name": "28632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28632"
},
{
"name": "http://www.coresecurity.com/?action=item&id=2219",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item&id=2219"
},
{
"name": "20080528 Re: CORE-2008-0126: Multiple vulnerabilities in iCal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492682/100/0/threaded"
},
{
"name": "20080527 Re: CORE-2008-0126: Multiple vulnerabilities in iCal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492638/100/100/threaded"
},
{
"name": "3901",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3901"
},
{
"name": "1020094",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020094"
},
{
"name": "28629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28629"
},
{
"name": "20080521 CORE-2008-0126: Multiple vulnerabilities in iCal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492414/100/0/threaded"
}
]
}
}

228
2008/2xxx/CVE-2008-2420.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2420",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[stunnel-announce] 20080519 stunnel 4.24 released",
"refsource" : "MLIST",
"url" : "http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html"
},
{
"name" : "FEDORA-2008-4531",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html"
},
{
"name" : "FEDORA-2008-4579",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html"
},
{
"name" : "FEDORA-2008-4606",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html"
},
{
"name" : "GLSA-200808-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200808-08.xml"
},
{
"name" : "MDVSA-2008:168",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:168"
},
{
"name" : "29309",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29309"
},
{
"name" : "ADV-2008-1569",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1569/references"
},
{
"name" : "30335",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30335"
},
{
"name" : "30425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30425"
},
{
"name" : "31438",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31438"
},
{
"name" : "stunnel-ocsp-security-bypass(42528)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42528"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30425"
},
{
"name": "stunnel-ocsp-security-bypass(42528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42528"
},
{
"name": "FEDORA-2008-4606",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00942.html"
},
{
"name": "ADV-2008-1569",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1569/references"
},
{
"name": "30335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30335"
},
{
"name": "31438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31438"
},
{
"name": "FEDORA-2008-4531",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00856.html"
},
{
"name": "MDVSA-2008:168",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:168"
},
{
"name": "[stunnel-announce] 20080519 stunnel 4.24 released",
"refsource": "MLIST",
"url": "http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html"
},
{
"name": "FEDORA-2008-4579",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00907.html"
},
{
"name": "GLSA-200808-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-08.xml"
},
{
"name": "29309",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29309"
}
]
}
}

148
2008/2xxx/CVE-2008-2489.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified \"user input.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/"
},
{
"name" : "ADV-2008-1665",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1665/references"
},
{
"name" : "30400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30400"
},
{
"name" : "sqzfelib-unspecified-sql-injection(42625)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42625"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified \"user input.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1665",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1665/references"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/"
},
{
"name": "30400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30400"
},
{
"name": "sqzfelib-unspecified-sql-injection(42625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42625"
}
]
}
}

138
2008/2xxx/CVE-2008-2797.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "29785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29785"
},
{
"name" : "30745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30745"
},
{
"name" : "optutils-mainlayout-xss(43158)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43158"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MainLayout.do in ManageEngine OpUtils 5.0 allows remote attackers to inject arbitrary web script or HTML via the hostName parameter, when viewing an SNMP graph. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30745"
},
{
"name": "optutils-mainlayout-xss(43158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43158"
},
{
"name": "29785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29785"
}
]
}
}

128
2012/0xxx/CVE-2012-0108.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0095."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0095."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

168
2012/0xxx/CVE-2012-0861.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2012:1505",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1505.html"
},
{
"name" : "RHSA-2012:1506",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1506.html"
},
{
"name" : "RHSA-2012:1508",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1508.html"
},
{
"name" : "56825",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56825"
},
{
"name" : "1027838",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027838"
},
{
"name" : "enterprise-ssl-certificates-mitm(80544)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80544"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1508.html"
},
{
"name": "56825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56825"
},
{
"name": "RHSA-2012:1506",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1506.html"
},
{
"name": "RHSA-2012:1505",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1505.html"
},
{
"name": "enterprise-ssl-certificates-mitm(80544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80544"
},
{
"name": "1027838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027838"
}
]
}
}

238
2012/1xxx/CVE-2012-1469.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120321 Multiple vulnerabilities in Open Journal Systems (OJS)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0102.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23079",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23079"
},
{
"name" : "http://pkp.sfu.ca/ojs/RELEASE-2.3.7",
"refsource" : "CONFIRM",
"url" : "http://pkp.sfu.ca/ojs/RELEASE-2.3.7"
},
{
"name" : "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431",
"refsource" : "CONFIRM",
"url" : "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431"
},
{
"name" : "80255",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80255"
},
{
"name" : "80256",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80256"
},
{
"name" : "80257",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80257"
},
{
"name" : "48449",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48449"
},
{
"name" : "48464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48464"
},
{
"name" : "open-journal-editor-xss(74227)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74227"
},
{
"name" : "open-journal-index-xss(74225)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74225"
},
{
"name" : "open-journal-string-xss(74226)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74226"
},
{
"name" : "open-journal-articleid-xss(74228)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74228"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431",
"refsource": "CONFIRM",
"url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431"
},
{
"name": "open-journal-articleid-xss(74228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74228"
},
{
"name": "open-journal-index-xss(74225)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74225"
},
{
"name": "48449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48449"
},
{
"name": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7",
"refsource": "CONFIRM",
"url": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7"
},
{
"name": "open-journal-editor-xss(74227)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74227"
},
{
"name": "80257",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80257"
},
{
"name": "https://www.htbridge.com/advisory/HTB23079",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23079"
},
{
"name": "80255",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80255"
},
{
"name": "20120321 Multiple vulnerabilities in Open Journal Systems (OJS)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0102.html"
},
{
"name": "48464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48464"
},
{
"name": "80256",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80256"
},
{
"name": "open-journal-string-xss(74226)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74226"
}
]
}
}

148
2012/1xxx/CVE-2012-1800.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-1800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf"
},
{
"name" : "http://support.automation.siemens.com/WW/view/en/59869684",
"refsource" : "CONFIRM",
"url" : "http://support.automation.siemens.com/WW/view/en/59869684"
},
{
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf"
},
{
"name" : "81034",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81034"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.automation.siemens.com/WW/view/en/59869684",
"refsource": "CONFIRM",
"url": "http://support.automation.siemens.com/WW/view/en/59869684"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf"
},
{
"name": "81034",
"refsource": "OSVDB",
"url": "http://osvdb.org/81034"
}
]
}
}

138
2012/5xxx/CVE-2012-5226.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18422",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18422"
},
{
"name" : "51700",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51700"
},
{
"name" : "peelshopping-multiple-xss(72765)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72765"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "peelshopping-multiple-xss(72765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72765"
},
{
"name": "18422",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18422"
},
{
"name": "51700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51700"
}
]
}
}

32
2012/5xxx/CVE-2012-5734.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5734",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5734",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2012/5xxx/CVE-2012-5999.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5999",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5999",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/11xxx/CVE-2017-11094.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11094",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11094",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

228
2017/11xxx/CVE-2017-11103.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.orpheus-lyre.info/",
"refsource" : "MISC",
"url" : "https://www.orpheus-lyre.info/"
},
{
"name" : "http://www.h5l.org/advisories.html?show=2017-07-11",
"refsource" : "CONFIRM",
"url" : "http://www.h5l.org/advisories.html?show=2017-07-11"
},
{
"name" : "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0",
"refsource" : "CONFIRM",
"url" : "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0"
},
{
"name" : "https://www.samba.org/samba/security/CVE-2017-11103.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/security/CVE-2017-11103.html"
},
{
"name" : "https://support.apple.com/HT208112",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208112"
},
{
"name" : "https://support.apple.com/HT208144",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208144"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
},
{
"name" : "DSA-3912",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3912"
},
{
"name" : "FreeBSD-SA-17:05",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc"
},
{
"name" : "99551",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99551"
},
{
"name" : "1038876",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038876"
},
{
"name" : "1039427",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039427"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "DSA-3912",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3912"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "https://www.orpheus-lyre.info/",
"refsource": "MISC",
"url": "https://www.orpheus-lyre.info/"
},
{
"name": "FreeBSD-SA-17:05",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:05.heimdal.asc"
},
{
"name": "99551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99551"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "https://www.samba.org/samba/security/CVE-2017-11103.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2017-11103.html"
},
{
"name": "1038876",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038876"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0",
"refsource": "CONFIRM",
"url": "https://github.com/heimdal/heimdal/releases/tag/heimdal-7.4.0"
},
{
"name": "http://www.h5l.org/advisories.html?show=2017-07-11",
"refsource": "CONFIRM",
"url": "http://www.h5l.org/advisories.html?show=2017-07-11"
}
]
}
}

138
2017/3xxx/CVE-2017-3029.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
},
{
"name" : "97554",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97554"
},
{
"name" : "1038228",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038228"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97554",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97554"
},
{
"name": "1038228",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
}
]
}
}

118
2017/3xxx/CVE-2017-3771.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2017-3771",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "E95, ThinkCentre M710s/M710t",
"version" : {
"version_data" : [
{
"version_value" : "Earlier than 1.3.2"
}
]
}
}
]
},
"vendor_name" : "Lenovo Group Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthorized bootloader allowed to run during system boot, reducing protection against rootkits"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2017-3771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "E95, ThinkCentre M710s/M710t",
"version": {
"version_data": [
{
"version_value": "Earlier than 1.3.2"
}
]
}
}
]
},
"vendor_name": "Lenovo Group Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.lenovo.com/us/en/product_security/LEN-17417",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/product_security/LEN-17417"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized bootloader allowed to run during system boot, reducing protection against rootkits"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-17417",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-17417"
}
]
}
}

32
2017/3xxx/CVE-2017-3914.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3914",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-3914",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

238
2017/7xxx/CVE-2017-7310.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41771",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41771/"
},
{
"name" : "41772",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41772/"
},
{
"name" : "41773",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41773/"
},
{
"name" : "43875",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43875/"
},
{
"name" : "44157",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44157/"
},
{
"name" : "http://www.diskboss.com/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.diskboss.com/news.html"
},
{
"name" : "http://www.diskpulse.com/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.diskpulse.com/news.html"
},
{
"name" : "http://www.disksavvy.com/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.disksavvy.com/news.html"
},
{
"name" : "http://www.disksorter.com/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.disksorter.com/news.html"
},
{
"name" : "http://www.dupscout.com/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.dupscout.com/news.html"
},
{
"name" : "http://www.syncbreeze.com/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.syncbreeze.com/news.html"
},
{
"name" : "http://www.vxsearch.com/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.vxsearch.com/news.html"
},
{
"name" : "97237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97237"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41771",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41771/"
},
{
"name": "43875",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43875/"
},
{
"name": "44157",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44157/"
},
{
"name": "41773",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41773/"
},
{
"name": "http://www.dupscout.com/news.html",
"refsource": "CONFIRM",
"url": "http://www.dupscout.com/news.html"
},
{
"name": "http://www.diskpulse.com/news.html",
"refsource": "CONFIRM",
"url": "http://www.diskpulse.com/news.html"
},
{
"name": "http://www.diskboss.com/news.html",
"refsource": "CONFIRM",
"url": "http://www.diskboss.com/news.html"
},
{
"name": "http://www.vxsearch.com/news.html",
"refsource": "CONFIRM",
"url": "http://www.vxsearch.com/news.html"
},
{
"name": "http://www.disksorter.com/news.html",
"refsource": "CONFIRM",
"url": "http://www.disksorter.com/news.html"
},
{
"name": "97237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97237"
},
{
"name": "41772",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41772/"
},
{
"name": "http://www.disksavvy.com/news.html",
"refsource": "CONFIRM",
"url": "http://www.disksavvy.com/news.html"
},
{
"name": "http://www.syncbreeze.com/news.html",
"refsource": "CONFIRM",
"url": "http://www.syncbreeze.com/news.html"
}
]
}
}

128
2017/8xxx/CVE-2017-8242.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-8242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Time-of-check Time-of-use (TOCTOU) Race Condition in QTEE"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time-of-check Time-of-use (TOCTOU) Race Condition in QTEE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

130
2017/8xxx/CVE-2017-8264.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-07-01T00:00:00",
"ID" : "CVE-2017-8264",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reachable Assertion in Camera"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-07-01T00:00:00",
"ID": "CVE-2017-8264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "99465",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99465"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "99465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99465"
}
]
}
}

32
2017/8xxx/CVE-2017-8286.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8286",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8286",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/8xxx/CVE-2017-8630.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-09-12T00:00:00",
"ID" : "CVE-2017-8630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630"
},
{
"name" : "100732",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100732"
},
{
"name" : "1039315",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039315"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Office Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8630"
},
{
"name": "100732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100732"
},
{
"name": "1039315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039315"
}
]
}
}

118
2017/8xxx/CVE-2017-8787.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861738"
}
]
}
}

148
2018/10xxx/CVE-2018-10188.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44496",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44496/"
},
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2018-2/",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2018-2/"
},
{
"name" : "103936",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103936"
},
{
"name" : "1040752",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040752"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103936"
},
{
"name": "1040752",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040752"
},
{
"name": "https://www.phpmyadmin.net/security/PMASA-2018-2/",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2018-2/"
},
{
"name": "44496",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44496/"
}
]
}
}

32
2018/10xxx/CVE-2018-10443.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10443",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10443",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

262
2018/10xxx/CVE-2018-10925.json
View File

@ -1,134 +1,134 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-10925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "postgresql",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
},
{
"version_value" : "9.6.10"
},
{
"version_value" : "9.5.14"
},
{
"version_value" : "9.4.19"
},
{
"version_value" : "9.3.24"
}
]
}
}
]
},
"vendor_name" : "PostgreSQL Global Development Group"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-863"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value": "10.5"
},
{
"version_value": "9.6.10"
},
{
"version_value": "9.5.14"
},
{
"version_value": "9.4.19"
},
{
"version_value": "9.3.24"
}
]
}
}
]
},
"vendor_name": "PostgreSQL Global Development Group"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925"
},
{
"name" : "https://www.postgresql.org/about/news/1878/",
"refsource" : "CONFIRM",
"url" : "https://www.postgresql.org/about/news/1878/"
},
{
"name" : "DSA-4269",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4269"
},
{
"name" : "GLSA-201810-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-08"
},
{
"name" : "RHSA-2018:2511",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2511"
},
{
"name" : "RHSA-2018:2565",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2565"
},
{
"name" : "RHSA-2018:2566",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2566"
},
{
"name" : "RHSA-2018:3816",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3816"
},
{
"name" : "USN-3744-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3744-1/"
},
{
"name" : "105052",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105052"
},
{
"name" : "1041446",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041446"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-08"
},
{
"name": "DSA-4269",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4269"
},
{
"name": "105052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105052"
},
{
"name": "RHSA-2018:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2511"
},
{
"name": "USN-3744-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3744-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925"
},
{
"name": "RHSA-2018:2566",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2566"
},
{
"name": "RHSA-2018:2565",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2565"
},
{
"name": "RHSA-2018:3816",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3816"
},
{
"name": "https://www.postgresql.org/about/news/1878/",
"refsource": "CONFIRM",
"url": "https://www.postgresql.org/about/news/1878/"
},
{
"name": "1041446",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041446"
}
]
}
}

158
2018/10xxx/CVE-2018-10994.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea",
"refsource" : "MISC",
"url" : "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea"
},
{
"name" : "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1",
"refsource" : "MISC",
"url" : "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1"
},
{
"name" : "https://twitter.com/bcrypt/status/995057030304952320",
"refsource" : "MISC",
"url" : "https://twitter.com/bcrypt/status/995057030304952320"
},
{
"name" : "https://twitter.com/lorenzoFB/status/995048605399633926",
"refsource" : "MISC",
"url" : "https://twitter.com/lorenzoFB/status/995048605399633926"
},
{
"name" : "https://twitter.com/ortegaalfredo/status/995940738839056384",
"refsource" : "MISC",
"url" : "https://twitter.com/ortegaalfredo/status/995940738839056384"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/ortegaalfredo/status/995940738839056384",
"refsource": "MISC",
"url": "https://twitter.com/ortegaalfredo/status/995940738839056384"
},
{
"name": "https://twitter.com/bcrypt/status/995057030304952320",
"refsource": "MISC",
"url": "https://twitter.com/bcrypt/status/995057030304952320"
},
{
"name": "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1",
"refsource": "MISC",
"url": "https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1"
},
{
"name": "https://twitter.com/lorenzoFB/status/995048605399633926",
"refsource": "MISC",
"url": "https://twitter.com/lorenzoFB/status/995048605399633926"
},
{
"name": "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea",
"refsource": "MISC",
"url": "https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea"
}
]
}
}

180
2018/12xxx/CVE-2018-12470.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@suse.de",
"DATE_PUBLIC" : "2018-09-27T00:00:00.000Z",
"ID" : "CVE-2018-12470",
"STATE" : "PUBLIC",
"TITLE" : "SQL injection in RegistrationSharing module"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SMT",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "3.0.37"
}
]
}
}
]
},
"vendor_name" : "SUSE Linux"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Jake Miller"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-09-27T00:00:00.000Z",
"ID": "CVE-2018-12470",
"STATE": "PUBLIC",
"TITLE": "SQL injection in RegistrationSharing module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SMT",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "3.0.37"
}
]
}
}
]
},
"vendor_name": "SUSE Linux"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1103810",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1103810"
}
]
},
"source" : {
"defect" : [
"https://bugzilla.suse.com/show_bug.cgi?id=1103810"
],
"discovery" : "EXTERNAL"
}
}
},
"credit": [
{
"lang": "eng",
"value": "Jake Miller"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL Injection in the RegistrationSharing module of SUSE Linux SMT allows remote attackers to cause execute arbitrary SQL statements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1103810",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1103810"
}
]
},
"source": {
"defect": [
"https://bugzilla.suse.com/show_bug.cgi?id=1103810"
],
"discovery": "EXTERNAL"
}
}

32
2018/13xxx/CVE-2018-13044.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13044",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13044",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2018/13xxx/CVE-2018-13218.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sell function of a smart contract implementation for ICO Dollar (ICOD), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ICODollar"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
}
]
}
}

128
2018/13xxx/CVE-2018-13616.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13616",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IOCT_Coin",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IOCT_Coin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for IOCT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IOCT_Coin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IOCT_Coin"
}
]
}
}

118
2018/17xxx/CVE-2018-17030.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/bigtreecms/BigTree-CMS/issues/342",
"refsource" : "MISC",
"url" : "https://github.com/bigtreecms/BigTree-CMS/issues/342"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bigtreecms/BigTree-CMS/issues/342",
"refsource": "MISC",
"url": "https://github.com/bigtreecms/BigTree-CMS/issues/342"
}
]
}
}

128
2018/17xxx/CVE-2018-17674.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.2.0.9297"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6845."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-17674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.2.0.9297"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1165/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1165/"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the name property of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6845."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1165/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1165/"
}
]
}
}

128
2018/9xxx/CVE-2018-9126.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44414",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44414/"
},
{
"name" : "http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote attackers to read the web.config file, and consequently discover database credentials, via the /GetCSS.ashx/?CP=%2fweb.config URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146999/DotNetNuke-DNNarticle-Directory-Traversal.html"
},
{
"name": "44414",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44414/"
}
]
}
}

32
2018/9xxx/CVE-2018-9295.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9295",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9295",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/9xxx/CVE-2018-9396.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9396",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9396",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2018/9xxx/CVE-2018-9568.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2018-9568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2018-9568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-12-01"
},
{
"name" : "RHSA-2019:0512",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0512"
},
{
"name" : "RHSA-2019:0514",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0514"
},
{
"name" : "USN-3880-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3880-2/"
},
{
"name" : "USN-3880-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3880-1/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:0512",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0512"
},
{
"name": "USN-3880-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3880-1/"
},
{
"name": "USN-3880-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3880-2/"
},
{
"name": "RHSA-2019:0514",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0514"
},
{
"name": "https://source.android.com/security/bulletin/2018-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-12-01"
}
]
}
}