admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:31:26 +00:00
parent 1413bc8077
commit 5b9b9fa516
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4278 additions and 4273 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2003/1xxx/CVE-2003-1290.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA03-43.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/162"
},
{
"name" : "9034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9034"
},
{
"name" : "16215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16215"
},
{
"name" : "3064",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3064"
},
{
"name" : "10218",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10218"
},
{
"name" : "18396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18396"
},
{
"name" : "weblogic-mbeanhome-obtain-information(13752)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13752"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA03-43.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/162"
},
{
"name": "9034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9034"
},
{
"name": "10218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10218"
},
{
"name": "18396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18396"
},
{
"name": "3064",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3064"
},
{
"name": "16215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16215"
},
{
"name": "weblogic-mbeanhome-obtain-information(13752)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13752"
}
]
}
}

150
2003/1xxx/CVE-2003-1465.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030513 Phorum Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/321310"
},
{
"name" : "7569",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7569"
},
{
"name" : "3288",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3288"
},
{
"name" : "phorum-download-directory-traversal(12482)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7569"
},
{
"name": "phorum-download-directory-traversal(12482)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12482"
},
{
"name": "3288",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3288"
},
{
"name": "20030513 Phorum Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/321310"
}
]
}
}

140
2003/1xxx/CVE-2003-1552.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030304 uploader.php script",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/313819/30/25640/threaded"
},
{
"name" : "20030304 uploader.php vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/313787/30/25670/threaded"
},
{
"name" : "uploader-uploads-file-upload(11467)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030304 uploader.php script",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/313819/30/25640/threaded"
},
{
"name": "uploader-uploads-file-upload(11467)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11467"
},
{
"name": "20030304 uploader.php vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/313787/30/25670/threaded"
}
]
}
}

34
2004/0xxx/CVE-2004-0019.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0019",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0019",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2004/0xxx/CVE-2004-0140.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0140",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2004-0140",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
}
]
}
}

140
2004/0xxx/CVE-2004-0527.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10383",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10383"
},
{
"name" : "6579",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6579"
},
{
"name" : "ie-ahref-url-spoofing(16102)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified \"alt\" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a \"phishing\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6579",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6579"
},
{
"name": "ie-ahref-url-spoofing(16102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16102"
},
{
"name": "10383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10383"
}
]
}
}

140
2004/0xxx/CVE-2004-0704.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040710 [BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108965446813639&w=2"
},
{
"name" : "bugzilla-product-name-disclosure(16671)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16671"
},
{
"name" : "10698",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10698"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10698"
},
{
"name": "20040710 [BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108965446813639&w=2"
},
{
"name": "bugzilla-product-name-disclosure(16671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16671"
}
]
}
}

230
2004/0xxx/CVE-2004-0772.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt"
},
{
"name" : "TA04-247A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-247A.html"
},
{
"name" : "VU#350792",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/350792"
},
{
"name" : "CLA-2004:860",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860"
},
{
"name" : "DSA-543",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-543"
},
{
"name" : "GLSA-200409-09",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml"
},
{
"name" : "MDKSA-2004:088",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:088"
},
{
"name" : "2004-0045",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.net/errata/2004/0045/"
},
{
"name" : "20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109508872524753&w=2"
},
{
"name" : "11078",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11078"
},
{
"name" : "oval:org.mitre.oval:def:4661",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661"
},
{
"name" : "kerberos-krb524d-double-free(17158)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2004:860",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000860"
},
{
"name": "kerberos-krb524d-double-free(17158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17158"
},
{
"name": "VU#350792",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/350792"
},
{
"name": "2004-0045",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/2004/0045/"
},
{
"name": "DSA-543",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-543"
},
{
"name": "TA04-247A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-247A.html"
},
{
"name": "GLSA-200409-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-09.xml"
},
{
"name": "20040913 [OpenPKG-SA-2004.039] OpenPKG Security Advisory (kerberos)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109508872524753&w=2"
},
{
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2004-002-dblfree.txt"
},
{
"name": "MDKSA-2004:088",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:088"
},
{
"name": "oval:org.mitre.oval:def:4661",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4661"
},
{
"name": "11078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11078"
}
]
}
}

330
2004/0xxx/CVE-2004-0914.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch",
"refsource" : "CONFIRM",
"url" : "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch"
},
{
"name" : "DSA-607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-607"
},
{
"name" : "FEDORA-2004-433",
"refsource" : "FEDORA",
"url" : "http://www.linuxsecurity.com/content/view/106877/102/"
},
{
"name" : "FLSA-2006:152803",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
},
{
"name" : "GLSA-200411-28",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml"
},
{
"name" : "GLSA-200502-06",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml"
},
{
"name" : "GLSA-200502-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
},
{
"name" : "HPSBTU01228",
"refsource" : "HP",
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228"
},
{
"name" : "MDKSA-2004:137",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137"
},
{
"name" : "RHSA-2004:537",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2004-537.html"
},
{
"name" : "RHSA-2005:004",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-004.html"
},
{
"name" : "RHSA-2004:610",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-610.html"
},
{
"name" : "USN-83-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-83-1"
},
{
"name" : "USN-83-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-83-2"
},
{
"name" : "11694",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11694"
},
{
"name" : "oval:org.mitre.oval:def:9943",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943"
},
{
"name" : "13224",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13224/"
},
{
"name" : "libxpm-image-bo(18142)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142"
},
{
"name" : "libxpm-improper-memory-access(18144)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144"
},
{
"name" : "libxpm-command-execution(18145)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145"
},
{
"name" : "libxpm-directory-traversal(18146)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146"
},
{
"name" : "libxpm-dos(18147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-004.html"
},
{
"name": "libxpm-directory-traversal(18146)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18146"
},
{
"name": "USN-83-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-83-1"
},
{
"name": "RHSA-2004:537",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2004-537.html"
},
{
"name": "libxpm-image-bo(18142)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18142"
},
{
"name": "13224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13224/"
},
{
"name": "oval:org.mitre.oval:def:9943",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9943"
},
{
"name": "FEDORA-2004-433",
"refsource": "FEDORA",
"url": "http://www.linuxsecurity.com/content/view/106877/102/"
},
{
"name": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch",
"refsource": "CONFIRM",
"url": "http://www.x.org/pub/X11R6.8.1/patches/README.xorg-681-CAN-2004-0914.patch"
},
{
"name": "RHSA-2004:610",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-610.html"
},
{
"name": "libxpm-improper-memory-access(18144)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18144"
},
{
"name": "GLSA-200502-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml"
},
{
"name": "FLSA-2006:152803",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html"
},
{
"name": "DSA-607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-607"
},
{
"name": "11694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11694"
},
{
"name": "GLSA-200502-06",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-06.xml"
},
{
"name": "USN-83-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-83-2"
},
{
"name": "HPSBTU01228",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01228"
},
{
"name": "MDKSA-2004:137",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:137"
},
{
"name": "GLSA-200411-28",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-28.xml"
},
{
"name": "libxpm-dos(18147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18147"
},
{
"name": "libxpm-command-execution(18145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18145"
}
]
}
}

200
2004/1xxx/CVE-2004-1036.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1036",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041110 [SquirrelMail Security Advisory] Cross Site Scripting in encoded text",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110012133608004&w=2"
},
{
"name" : "http://www.squirrelmail.org/",
"refsource" : "CONFIRM",
"url" : "http://www.squirrelmail.org/"
},
{
"name" : "http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff",
"refsource" : "CONFIRM",
"url" : "http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff"
},
{
"name" : "APPLE-SA-2005-01-25",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html"
},
{
"name" : "APPLE-SA-2005-03-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
},
{
"name" : "CLA-2004:905",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905"
},
{
"name" : "GLSA-200411-25",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml"
},
{
"name" : "oval:org.mitre.oval:def:9592",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592"
},
{
"name" : "squirrelmail-mime-xss(18031)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18031"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-01-25",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html"
},
{
"name": "GLSA-200411-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-25.xml"
},
{
"name": "squirrelmail-mime-xss(18031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18031"
},
{
"name": "http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff",
"refsource": "CONFIRM",
"url": "http://voxel.dl.sourceforge.net/sourceforge/squirrelmail/sm143a-xss.diff"
},
{
"name": "http://www.squirrelmail.org/",
"refsource": "CONFIRM",
"url": "http://www.squirrelmail.org/"
},
{
"name": "APPLE-SA-2005-03-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
},
{
"name": "oval:org.mitre.oval:def:9592",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9592"
},
{
"name": "CLA-2004:905",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000905"
},
{
"name": "20041110 [SquirrelMail Security Advisory] Cross Site Scripting in encoded text",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110012133608004&w=2"
}
]
}
}

190
2004/1xxx/CVE-2004-1487.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1487",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a \"..\" that resolves to the IP address of the malicious server, which bypasses wget's filtering for \"..\" sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110269474112384&w=2"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"
},
{
"name" : "RHSA-2005:771",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-771.html"
},
{
"name" : "USN-145-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/145-1/"
},
{
"name" : "11871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11871"
},
{
"name" : "oval:org.mitre.oval:def:11682",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682"
},
{
"name" : "1012472",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012472"
},
{
"name" : "wget-file-overwrite(18420)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a \"..\" that resolves to the IP address of the malicious server, which bypasses wget's filtering for \"..\" sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:771",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-771.html"
},
{
"name": "11871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11871"
},
{
"name": "20041209 wget: Arbitrary file overwriting/appending/creating and other vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110269474112384&w=2"
},
{
"name": "USN-145-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/145-1/"
},
{
"name": "wget-file-overwrite(18420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18420"
},
{
"name": "oval:org.mitre.oval:def:11682",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11682"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261755"
},
{
"name": "1012472",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012472"
}
]
}
}

170
2004/1xxx/CVE-2004-1616.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1616",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041018 Web browsers - a mini-farce",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109811406620511&w=2"
},
{
"name" : "20041018 Web browsers - a mini-farce",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html"
},
{
"name" : "http://lcamtuf.coredump.cx/mangleme/gallery/",
"refsource" : "MISC",
"url" : "http://lcamtuf.coredump.cx/mangleme/gallery/"
},
{
"name" : "11442",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11442"
},
{
"name" : "1011808",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011808"
},
{
"name" : "links-large-table-dos(17803)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041018 Web browsers - a mini-farce",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109811406620511&w=2"
},
{
"name": "20041018 Web browsers - a mini-farce",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html"
},
{
"name": "1011808",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011808"
},
{
"name": "11442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11442"
},
{
"name": "links-large-table-dos(17803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17803"
},
{
"name": "http://lcamtuf.coredump.cx/mangleme/gallery/",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/mangleme/gallery/"
}
]
}
}

170
2004/1xxx/CVE-2004-1797.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.freznoshop.com/changelog_en.htm",
"refsource" : "CONFIRM",
"url" : "http://www.freznoshop.com/changelog_en.htm"
},
{
"name" : "9359",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9359"
},
{
"name" : "3335",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3335"
},
{
"name" : "1008606",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1008606"
},
{
"name" : "10547",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10547"
},
{
"name" : "freznoshop-searchphp-xss(14147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9359"
},
{
"name": "freznoshop-searchphp-xss(14147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14147"
},
{
"name": "1008606",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008606"
},
{
"name": "http://www.freznoshop.com/changelog_en.htm",
"refsource": "CONFIRM",
"url": "http://www.freznoshop.com/changelog_en.htm"
},
{
"name": "10547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10547"
},
{
"name": "3335",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3335"
}
]
}
}

150
2004/2xxx/CVE-2004-2062.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040728 AntiBoard <= 0.7.2 XSS/SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109105610220965&w=2"
},
{
"name" : "10821",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10821"
},
{
"name" : "12137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12137"
},
{
"name" : "antiboard-get-sql-injection(16828)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16828"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10821"
},
{
"name": "20040728 AntiBoard <= 0.7.2 XSS/SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109105610220965&w=2"
},
{
"name": "12137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12137"
},
{
"name": "antiboard-get-sql-injection(16828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16828"
}
]
}
}

180
2004/2xxx/CVE-2004-2475.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040917 GoogleToolbar:About -- Allows Script Injection",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-09/0226.html"
},
{
"name" : "20040918 Re: GoogleToolbar:About -- Allows Script Injection",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html"
},
{
"name" : "20040918 Re: GoogleToolbar:About -- Allows Script Injection",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html"
},
{
"name" : "11210",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11210"
},
{
"name" : "10037",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10037"
},
{
"name" : "1011351",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011351"
},
{
"name" : "google-toolbar-about-code-execution(17435)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17435"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1011351",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011351"
},
{
"name": "11210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11210"
},
{
"name": "google-toolbar-about-code-execution(17435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17435"
},
{
"name": "20040918 Re: GoogleToolbar:About -- Allows Script Injection",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html"
},
{
"name": "20040917 GoogleToolbar:About -- Allows Script Injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0226.html"
},
{
"name": "10037",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10037"
},
{
"name": "20040918 Re: GoogleToolbar:About -- Allows Script Injection",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html"
}
]
}
}

170
2004/2xxx/CVE-2004-2695.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securiteam.com/unixfocus/5BP0E15E0M.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/unixfocus/5BP0E15E0M.html"
},
{
"name" : "http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379",
"refsource" : "CONFIRM",
"url" : "http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379"
},
{
"name" : "http://www.vbulletin.com/forum/showthread.php?t=124876",
"refsource" : "CONFIRM",
"url" : "http://www.vbulletin.com/forum/showthread.php?t=124876"
},
{
"name" : "11193",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11193"
},
{
"name" : "12531",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12531/"
},
{
"name" : "vbulletin-itemnumber-sql-injection(17365)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12531/"
},
{
"name": "11193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11193"
},
{
"name": "http://www.vbulletin.com/forum/showthread.php?t=124876",
"refsource": "CONFIRM",
"url": "http://www.vbulletin.com/forum/showthread.php?t=124876"
},
{
"name": "vbulletin-itemnumber-sql-injection(17365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17365"
},
{
"name": "http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379",
"refsource": "CONFIRM",
"url": "http://www.vbulletin.com/forum/bugs.php?do=view&bugid=3379"
},
{
"name": "http://www.securiteam.com/unixfocus/5BP0E15E0M.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5BP0E15E0M.html"
}
]
}
}

140
2008/2xxx/CVE-2008-2003.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080424 DDIVRT-2008-11 BadBlue uninst.exe DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491282/100/0/threaded"
},
{
"name" : "3832",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3832"
},
{
"name" : "badblue-multiple-weak-security(42090)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42090"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BadBlue 2.72 Personal Edition stores multiple programs in the web document root with insufficient access control, which allows remote attackers to (1) cause a denial of service via multiple invocations of uninst.exe, and have an unknown impact via (2) badblue.exe and (3) dyndns.exe. NOTE: this can be leveraged for arbitrary remote code execution in conjunction with CVE-2007-6378."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3832",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3832"
},
{
"name": "badblue-multiple-weak-security(42090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42090"
},
{
"name": "20080424 DDIVRT-2008-11 BadBlue uninst.exe DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491282/100/0/threaded"
}
]
}
}

180
2008/2xxx/CVE-2008-2199.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080505 [ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491609/100/0/threaded"
},
{
"name" : "5545",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5545"
},
{
"name" : "http://advisories.echo.or.id/adv/adv94-K-159-2008.txt",
"refsource" : "MISC",
"url" : "http://advisories.echo.or.id/adv/adv94-K-159-2008.txt"
},
{
"name" : "29044",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29044"
},
{
"name" : "30087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30087"
},
{
"name" : "3878",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3878"
},
{
"name" : "kmitamail-htmlcode-file-include(42187)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42187"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29044"
},
{
"name": "30087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30087"
},
{
"name": "3878",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3878"
},
{
"name": "20080505 [ECHO_ADV_94$2008] Kmita Mail <= 3.0 (file) Remote File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491609/100/0/threaded"
},
{
"name": "kmitamail-htmlcode-file-include(42187)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42187"
},
{
"name": "http://advisories.echo.or.id/adv/adv94-K-159-2008.txt",
"refsource": "MISC",
"url": "http://advisories.echo.or.id/adv/adv94-K-159-2008.txt"
},
{
"name": "5545",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5545"
}
]
}
}

580
2008/2xxx/CVE-2008-2327.json
View File

@ -1,292 +1,292 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2327",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080905 rPSA-2008-0268-1 libtiff",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496033/100/0/threaded"
},
{
"name" : "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
"refsource" : "MISC",
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name" : "http://security-tracker.debian.net/tracker/CVE-2008-2327",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.net/tracker/CVE-2008-2327"
},
{
"name" : "http://security-tracker.debian.net/tracker/DSA-1632-1",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.net/tracker/DSA-1632-1"
},
{
"name" : "http://security-tracker.debian.net/tracker/DTSA-160-1",
"refsource" : "CONFIRM",
"url" : "http://security-tracker.debian.net/tracker/DTSA-160-1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=458674",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=458674"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=234080",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=234080"
},
{
"name" : "http://support.apple.com/kb/HT3298",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3298"
},
{
"name" : "http://support.apple.com/kb/HT3318",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3318"
},
{
"name" : "http://support.apple.com/kb/HT3276",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3276"
},
{
"name" : "APPLE-SA-2008-09-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name" : "APPLE-SA-2008-11-13",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"name" : "APPLE-SA-2008-11-20",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name" : "DSA-1632",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1632"
},
{
"name" : "FEDORA-2008-7370",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html"
},
{
"name" : "FEDORA-2008-7388",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html"
},
{
"name" : "GLSA-200809-07",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200809-07.xml"
},
{
"name" : "MDVSA-2008:184",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:184"
},
{
"name" : "RHSA-2008:0847",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0847.html"
},
{
"name" : "RHSA-2008:0848",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0848.html"
},
{
"name" : "RHSA-2008:0863",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0863.html"
},
{
"name" : "265030",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1"
},
{
"name" : "SUSE-SR:2008:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name" : "USN-639-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-639-1"
},
{
"name" : "TA08-260A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name" : "30832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30832"
},
{
"name" : "oval:org.mitre.oval:def:11489",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489"
},
{
"name" : "oval:org.mitre.oval:def:5514",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514"
},
{
"name" : "32706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32706"
},
{
"name" : "ADV-2008-2438",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2438"
},
{
"name" : "ADV-2008-2584",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name" : "ADV-2008-2971",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name" : "ADV-2008-3232",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name" : "ADV-2008-3107",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3107"
},
{
"name" : "ADV-2008-2776",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2776"
},
{
"name" : "1020750",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020750"
},
{
"name" : "31610",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31610"
},
{
"name" : "31623",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31623"
},
{
"name" : "31668",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31668"
},
{
"name" : "31670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31670"
},
{
"name" : "31698",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31698"
},
{
"name" : "31882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31882"
},
{
"name" : "31838",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31838"
},
{
"name" : "32756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32756"
},
{
"name" : "31982",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31982"
},
{
"name" : "ADV-2009-2143",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2143"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, and (3) LZWDecodeVector functions in tif_lzw.c in the LZW decoder in LibTIFF 3.8.2 and earlier allow context-dependent attackers to execute arbitrary code via a crafted TIFF file, related to improper handling of the CODE_CLEAR code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "265030",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265030-1"
},
{
"name": "31670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31670"
},
{
"name": "MDVSA-2008:184",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:184"
},
{
"name": "APPLE-SA-2008-11-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"name": "20080905 rPSA-2008-0268-1 libtiff",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496033/100/0/threaded"
},
{
"name": "31838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31838"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=234080",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=234080"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
},
{
"name": "31698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31698"
},
{
"name": "FEDORA-2008-7388",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00121.html"
},
{
"name": "ADV-2008-2971",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "ADV-2008-2776",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2776"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
"refsource": "MISC",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name": "RHSA-2008:0863",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0863.html"
},
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "31623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31623"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "http://security-tracker.debian.net/tracker/CVE-2008-2327",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.net/tracker/CVE-2008-2327"
},
{
"name": "1020750",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020750"
},
{
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name": "ADV-2008-3107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3107"
},
{
"name": "31610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31610"
},
{
"name": "30832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30832"
},
{
"name": "http://security-tracker.debian.net/tracker/DTSA-160-1",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.net/tracker/DTSA-160-1"
},
{
"name": "oval:org.mitre.oval:def:11489",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11489"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "RHSA-2008:0848",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0848.html"
},
{
"name": "31668",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31668"
},
{
"name": "ADV-2009-2143",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2143"
},
{
"name": "32706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32706"
},
{
"name": "oval:org.mitre.oval:def:5514",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5514"
},
{
"name": "DSA-1632",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1632"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "http://security-tracker.debian.net/tracker/DSA-1632-1",
"refsource": "CONFIRM",
"url": "http://security-tracker.debian.net/tracker/DSA-1632-1"
},
{
"name": "http://support.apple.com/kb/HT3298",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3298"
},
{
"name": "USN-639-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-639-1"
},
{
"name": "RHSA-2008:0847",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0847.html"
},
{
"name": "http://support.apple.com/kb/HT3276",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3276"
},
{
"name": "ADV-2008-2438",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2438"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=458674",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458674"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
},
{
"name": "GLSA-200809-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-07.xml"
},
{
"name": "FEDORA-2008-7370",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00102.html"
}
]
}
}

160
2008/2xxx/CVE-2008-2484.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2484",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the email parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5673",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5673"
},
{
"name" : "29358",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29358"
},
{
"name" : "ADV-2008-1644",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1644/references"
},
{
"name" : "30374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30374"
},
{
"name" : "xomolcms-index-sql-injection(42631)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42631"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the email parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5673",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5673"
},
{
"name": "ADV-2008-1644",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1644/references"
},
{
"name": "29358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29358"
},
{
"name": "xomolcms-index-sql-injection(42631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42631"
},
{
"name": "30374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30374"
}
]
}
}

170
2008/2xxx/CVE-2008-2519.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://vuln.sg/coreftp211565-en.html",
"refsource" : "MISC",
"url" : "http://vuln.sg/coreftp211565-en.html"
},
{
"name" : "http://www.coreftp.com/forums/viewtopic.php?t=6078",
"refsource" : "CONFIRM",
"url" : "http://www.coreftp.com/forums/viewtopic.php?t=6078"
},
{
"name" : "29362",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29362"
},
{
"name" : "ADV-2008-1643",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1643/references"
},
{
"name" : "30389",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30389"
},
{
"name" : "coreftp-list-directory-traversal(42605)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42605"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Core FTP client 2.1 Build 1565 allows remote FTP servers to create or overwrite arbitrary files via .. (dot dot) sequences in responses to LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coreftp-list-directory-traversal(42605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42605"
},
{
"name": "http://vuln.sg/coreftp211565-en.html",
"refsource": "MISC",
"url": "http://vuln.sg/coreftp211565-en.html"
},
{
"name": "29362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29362"
},
{
"name": "ADV-2008-1643",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1643/references"
},
{
"name": "30389",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30389"
},
{
"name": "http://www.coreftp.com/forums/viewtopic.php?t=6078",
"refsource": "CONFIRM",
"url": "http://www.coreftp.com/forums/viewtopic.php?t=6078"
}
]
}
}

570
2008/2xxx/CVE-2008-2801.json
View File

@ -1,287 +1,287 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080708 rPSA-2008-0216-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
},
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-23.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-23.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=418996",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=418996"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=424188",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=424188"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=424426",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=424426"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2646",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2646"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
},
{
"name" : "DSA-1607",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1607"
},
{
"name" : "DSA-1615",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1615"
},
{
"name" : "DSA-1697",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1697"
},
{
"name" : "FEDORA-2008-6127",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
},
{
"name" : "FEDORA-2008-6193",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
},
{
"name" : "FEDORA-2008-6196",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
},
{
"name" : "GLSA-200808-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name" : "MDVSA-2008:136",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
},
{
"name" : "RHSA-2008:0547",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
},
{
"name" : "RHSA-2008:0549",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
},
{
"name" : "RHSA-2008:0569",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
},
{
"name" : "RHSA-2008:0616",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
},
{
"name" : "SSA:2008-191-03",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"
},
{
"name" : "SSA:2008-191",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"
},
{
"name" : "256408",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name" : "SUSE-SA:2008:034",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
},
{
"name" : "USN-619-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-619-1"
},
{
"name" : "30038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30038"
},
{
"name" : "oval:org.mitre.oval:def:11810",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810"
},
{
"name" : "34501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34501"
},
{
"name" : "31076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31076"
},
{
"name" : "ADV-2008-1993",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1993/references"
},
{
"name" : "1020419",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020419"
},
{
"name" : "30911",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30911"
},
{
"name" : "30878",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30878"
},
{
"name" : "30898",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30898"
},
{
"name" : "30903",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30903"
},
{
"name" : "30949",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30949"
},
{
"name" : "31005",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31005"
},
{
"name" : "31008",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31008"
},
{
"name" : "31069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31069"
},
{
"name" : "31023",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31023"
},
{
"name" : "31183",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31183"
},
{
"name" : "31195",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31195"
},
{
"name" : "31377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31377"
},
{
"name" : "31021",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31021"
},
{
"name" : "33433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33433"
},
{
"name" : "ADV-2009-0977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0977"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2008:034",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html"
},
{
"name": "RHSA-2008:0549",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0549.html"
},
{
"name": "DSA-1697",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1697"
},
{
"name": "31021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31021"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=418996",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=418996"
},
{
"name": "30898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30898"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0216",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0216"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=424188",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=424188"
},
{
"name": "oval:org.mitre.oval:def:11810",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11810"
},
{
"name": "https://issues.rpath.com/browse/RPL-2646",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2646"
},
{
"name": "30949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30949"
},
{
"name": "SSA:2008-191-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152"
},
{
"name": "ADV-2009-0977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0977"
},
{
"name": "31069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31069"
},
{
"name": "31008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31008"
},
{
"name": "31377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31377"
},
{
"name": "RHSA-2008:0616",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0616.html"
},
{
"name": "ADV-2008-1993",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1993/references"
},
{
"name": "31023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31023"
},
{
"name": "30038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30038"
},
{
"name": "DSA-1607",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1607"
},
{
"name": "GLSA-200808-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-03.xml"
},
{
"name": "31005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31005"
},
{
"name": "33433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33433"
},
{
"name": "FEDORA-2008-6127",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00207.html"
},
{
"name": "1020419",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020419"
},
{
"name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15"
},
{
"name": "31183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31183"
},
{
"name": "30903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30903"
},
{
"name": "RHSA-2008:0547",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0547.html"
},
{
"name": "FEDORA-2008-6193",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00288.html"
},
{
"name": "256408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
},
{
"name": "SSA:2008-191",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.384911"
},
{
"name": "DSA-1615",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1615"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=424426",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=424426"
},
{
"name": "31195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31195"
},
{
"name": "31076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31076"
},
{
"name": "USN-619-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-619-1"
},
{
"name": "30911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30911"
},
{
"name": "RHSA-2008:0569",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0569.html"
},
{
"name": "30878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30878"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-23.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-23.html"
},
{
"name": "20080708 rPSA-2008-0216-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494080/100/0/threaded"
},
{
"name": "FEDORA-2008-6196",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00295.html"
},
{
"name": "34501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34501"
},
{
"name": "MDVSA-2008:136",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:136"
}
]
}
}

150
2008/6xxx/CVE-2008-6134.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/318746",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/318746"
},
{
"name" : "31656",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31656"
},
{
"name" : "32194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32194"
},
{
"name" : "everyblog-unspecified-sql-injection(45756)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45756"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31656"
},
{
"name": "32194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32194"
},
{
"name": "http://drupal.org/node/318746",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/318746"
},
{
"name": "everyblog-unspecified-sql-injection(45756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45756"
}
]
}
}

150
2008/6xxx/CVE-2008-6232.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to \"admin\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6998",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6998"
},
{
"name" : "ADV-2008-3017",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3017"
},
{
"name" : "32557",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32557"
},
{
"name" : "preshoppingmall-cookie-auth-bypass(48984)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48984"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pre Shopping Mall allows remote attackers to bypass authentication and gain administrative access by setting the (1) adminname and the (2) adminid cookies to \"admin\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3017",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3017"
},
{
"name": "6998",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6998"
},
{
"name": "preshoppingmall-cookie-auth-bypass(48984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48984"
},
{
"name": "32557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32557"
}
]
}
}

250
2008/6xxx/CVE-2008-6393.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081223 [ISecAuditors Security Advisories] PSI remote integer overflow DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499563"
},
{
"name" : "7555",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7555"
},
{
"name" : "[oss-security] 20090225 CVE request: Psi <0.12.1 DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/02/25/5"
},
{
"name" : "http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html",
"refsource" : "MISC",
"url" : "http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=252830",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=252830"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=658912",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=658912"
},
{
"name" : "DSA-1741",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1741"
},
{
"name" : "FEDORA-2009-2285",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html"
},
{
"name" : "FEDORA-2009-2295",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html"
},
{
"name" : "SUSE-SR:2009:006",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
},
{
"name" : "33311",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33311"
},
{
"name" : "34259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34259"
},
{
"name" : "34301",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34301"
},
{
"name" : "34119",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34259"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=252830",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=252830"
},
{
"name": "34301",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34301"
},
{
"name": "7555",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7555"
},
{
"name": "20081223 [ISecAuditors Security Advisories] PSI remote integer overflow DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499563"
},
{
"name": "SUSE-SR:2009:006",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html"
},
{
"name": "FEDORA-2009-2285",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html"
},
{
"name": "[oss-security] 20090225 CVE request: Psi <0.12.1 DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/25/5"
},
{
"name": "http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html",
"refsource": "MISC",
"url": "http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=658912",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=658912"
},
{
"name": "33311",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33311"
},
{
"name": "FEDORA-2009-2295",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html"
},
{
"name": "DSA-1741",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1741"
},
{
"name": "34119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34119"
}
]
}
}

210
2008/6xxx/CVE-2008-6441.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080911 Clients format strings in the Unreal engine",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name" : "20080911 Clients format strings in the Unreal engine",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name" : "http://aluigi.altervista.org/adv/unrealcfs-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name" : "31141",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31141"
},
{
"name" : "48290",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/48290"
},
{
"name" : "48291",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/48291"
},
{
"name" : "31854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31854"
},
{
"name" : "unrealengine-dlmgr-format-string(45088)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name" : "unrealengine-pkg-format-string(45089)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name" : "unrealengine-welcome-format-string(45090)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/48291"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496297/100/0/threaded"
},
{
"name": "31141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31141"
},
{
"name": "20080911 Clients format strings in the Unreal engine",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0190.html"
},
{
"name": "48290",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/48290"
},
{
"name": "31854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31854"
},
{
"name": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/unrealcfs-adv.txt"
},
{
"name": "unrealengine-dlmgr-format-string(45088)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45088"
},
{
"name": "unrealengine-pkg-format-string(45089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45089"
},
{
"name": "unrealengine-welcome-format-string(45090)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45090"
}
]
}
}

170
2008/6xxx/CVE-2008-6581.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7418",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7418"
},
{
"name" : "http://www.phpaddedit.com/page/new/",
"refsource" : "CONFIRM",
"url" : "http://www.phpaddedit.com/page/new/"
},
{
"name" : "32779",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32779"
},
{
"name" : "50674",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/50674"
},
{
"name" : "33124",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33124"
},
{
"name" : "phpaddedit-adminuser-cookie-security-bypass(47264)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47264"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32779"
},
{
"name": "http://www.phpaddedit.com/page/new/",
"refsource": "CONFIRM",
"url": "http://www.phpaddedit.com/page/new/"
},
{
"name": "7418",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7418"
},
{
"name": "50674",
"refsource": "OSVDB",
"url": "http://osvdb.org/50674"
},
{
"name": "phpaddedit-adminuser-cookie-security-bypass(47264)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47264"
},
{
"name": "33124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33124"
}
]
}
}

150
2008/6xxx/CVE-2008-6643.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080531 LokiCMS Multiple Vulnerabilities through Authorization weakness",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492877/100/0/threaded"
},
{
"name" : "29448",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29448"
},
{
"name" : "45866",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/45866"
},
{
"name" : "lokicms-admin-security-bypass(42766)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42766"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LokiCMS 0.3.4 and possibly earlier versions does not properly restrict access to administrative functions, which allows remote attackers to bypass intended restrictions and modify configuration settings via the LokiACTION parameter in a direct request to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45866",
"refsource": "OSVDB",
"url": "http://osvdb.org/45866"
},
{
"name": "29448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29448"
},
{
"name": "lokicms-admin-security-bypass(42766)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42766"
},
{
"name": "20080531 LokiCMS Multiple Vulnerabilities through Authorization weakness",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492877/100/0/threaded"
}
]
}
}

140
2012/1xxx/CVE-2012-1220.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1220",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18464",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18464"
},
{
"name" : "47947",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47947"
},
{
"name" : "gazie-adminutente-csrf(72991)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72991"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gazie-adminutente-csrf(72991)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72991"
},
{
"name": "47947",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47947"
},
{
"name": "18464",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18464"
}
]
}
}

140
2012/5xxx/CVE-2012-5005.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18418",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18418"
},
{
"name" : "47729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47729"
},
{
"name" : "vrgpub-adminoptions-csrf(72745)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72745"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vrgpub-adminoptions-csrf(72745)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72745"
},
{
"name": "18418",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18418"
},
{
"name": "47729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47729"
}
]
}
}

34
2012/5xxx/CVE-2012-5035.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5035",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5035",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2012/5xxx/CVE-2012-5689.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5689",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.isc.org/article/AA-00855/",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-00855/"
},
{
"name" : "http://www.isc.org/software/bind/advisories/cve-2012-5689",
"refsource" : "CONFIRM",
"url" : "http://www.isc.org/software/bind/advisories/cve-2012-5689"
},
{
"name" : "RHSA-2013:0550",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0550.html"
},
{
"name" : "USN-2693-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2693-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/article/AA-00855/",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-00855/"
},
{
"name": "http://www.isc.org/software/bind/advisories/cve-2012-5689",
"refsource": "CONFIRM",
"url": "http://www.isc.org/software/bind/advisories/cve-2012-5689"
},
{
"name": "USN-2693-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2693-1"
},
{
"name": "RHSA-2013:0550",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0550.html"
}
]
}
}

160
2012/5xxx/CVE-2012-5862.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-5862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html"
},
{
"name" : "21273",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/21273/"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf"
},
{
"name" : "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88",
"refsource" : "CONFIRM",
"url" : "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88"
},
{
"name" : "sinapsi-default-password(80200)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80200"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21273",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/21273/"
},
{
"name": "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html"
},
{
"name": "sinapsi-default-password(80200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80200"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf"
},
{
"name": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88",
"refsource": "CONFIRM",
"url": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88"
}
]
}
}

34
2017/11xxx/CVE-2017-11314.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11314",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11314",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/11xxx/CVE-2017-11442.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11442",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11442",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

368
2017/15xxx/CVE-2017-15095.json
View File

@ -1,186 +1,186 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-06-27T00:00:00",
"ID" : "CVE-2017-15095",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "jackson-databind",
"version" : {
"version_data" : [
{
"version_value" : "before 2.8.10"
},
{
"version_value" : "before 2.9.1"
}
]
}
}
]
},
"vendor_name" : "FasterXML"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-184"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-06-27T00:00:00",
"ID": "CVE-2017-15095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jackson-databind",
"version": {
"version_data": [
{
"version_value": "before 2.8.10"
},
{
"version_value": "before 2.9.1"
}
]
}
}
]
},
"vendor_name": "FasterXML"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/FasterXML/jackson-databind/issues/1680",
"refsource" : "CONFIRM",
"url" : "https://github.com/FasterXML/jackson-databind/issues/1680"
},
{
"name" : "https://github.com/FasterXML/jackson-databind/issues/1737",
"refsource" : "CONFIRM",
"url" : "https://github.com/FasterXML/jackson-databind/issues/1737"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20171214-0003/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20171214-0003/"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "DSA-4037",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4037"
},
{
"name" : "RHSA-2017:3189",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3189"
},
{
"name" : "RHSA-2017:3190",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3190"
},
{
"name" : "RHSA-2018:0342",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"name" : "RHSA-2018:0478",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0478"
},
{
"name" : "RHSA-2018:0479",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0479"
},
{
"name" : "RHSA-2018:0480",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0480"
},
{
"name" : "RHSA-2018:0481",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0481"
},
{
"name" : "RHSA-2018:0576",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0576"
},
{
"name" : "RHSA-2018:0577",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0577"
},
{
"name" : "RHSA-2018:1447",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1447"
},
{
"name" : "RHSA-2018:1448",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1448"
},
{
"name" : "RHSA-2018:1449",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name" : "RHSA-2018:1450",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name" : "RHSA-2018:1451",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1451"
},
{
"name" : "RHSA-2018:2927",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"name" : "103880",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103880"
},
{
"name" : "1039769",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-184"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1448",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1448"
},
{
"name": "103880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103880"
},
{
"name": "RHSA-2018:0479",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0479"
},
{
"name": "RHSA-2018:0481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0481"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "RHSA-2018:1449",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1449"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171214-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171214-0003/"
},
{
"name": "RHSA-2018:1450",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1450"
},
{
"name": "RHSA-2018:0577",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0577"
},
{
"name": "RHSA-2018:0576",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0576"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "RHSA-2017:3190",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3190"
},
{
"name": "RHSA-2018:1451",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1451"
},
{
"name": "RHSA-2017:3189",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3189"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2018:2927",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2927"
},
{
"name": "1039769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039769"
},
{
"name": "RHSA-2018:0342",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0342"
},
{
"name": "RHSA-2018:0480",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0480"
},
{
"name": "RHSA-2018:1447",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1447"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/1737",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/1737"
},
{
"name": "RHSA-2018:0478",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0478"
},
{
"name": "DSA-4037",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4037"
},
{
"name": "https://github.com/FasterXML/jackson-databind/issues/1680",
"refsource": "CONFIRM",
"url": "https://github.com/FasterXML/jackson-databind/issues/1680"
}
]
}
}

34
2017/15xxx/CVE-2017-15469.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15469",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15469",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

34
2017/15xxx/CVE-2017-15510.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15510",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15510",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

130
2017/15xxx/CVE-2017-15622.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
},
{
"name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource" : "MISC",
"url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_client.lua file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource": "MISC",
"url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
},
{
"name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
}
]
}
}

150
2017/3xxx/CVE-2017-3185.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ACTi D, B, I, and E series cameras",
"version" : {
"version_data" : [
{
"version_value" : "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name" : "ACTi Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-598: Information Exposure Through Query Strings in GET Request"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ACTi D, B, I, and E series cameras",
"version": {
"version_data": [
{
"version_value": "A1D-500-V6.11.31-AC"
}
]
}
}
]
},
"vendor_name": "ACTi Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://twitter.com/Hfuhs/status/839252357221330944",
"refsource" : "MISC",
"url" : "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name" : "https://twitter.com/hack3rsca/status/839599437907386368",
"refsource" : "MISC",
"url" : "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name" : "VU#355151",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/355151"
},
{
"name" : "96720",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96720/info"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC have a web application that uses the GET method to process requests that contain sensitive information such as user account name and password, which can expose that information through the browser's history, referrers, web logs, and other sources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-598: Information Exposure Through Query Strings in GET Request"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/hack3rsca/status/839599437907386368",
"refsource": "MISC",
"url": "https://twitter.com/hack3rsca/status/839599437907386368"
},
{
"name": "96720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96720/info"
},
{
"name": "https://twitter.com/Hfuhs/status/839252357221330944",
"refsource": "MISC",
"url": "https://twitter.com/Hfuhs/status/839252357221330944"
},
{
"name": "VU#355151",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/355151"
}
]
}
}

34
2017/3xxx/CVE-2017-3909.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3909",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-3909",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2017/8xxx/CVE-2017-8316.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@checkpoint.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-8316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "IntelliJ IDEA",
"version" : {
"version_data" : [
{
"version_value" : "<173"
}
]
}
}
]
},
"vendor_name" : "JetBrains"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XEE in XML parser"
}
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-8316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliJ IDEA",
"version": {
"version_data": [
{
"version_value": "<173"
}
]
}
}
]
},
"vendor_name": "JetBrains"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/",
"refsource" : "MISC",
"url" : "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
},
{
"name" : "https://youtrack.jetbrains.com/issue/IDEA-175381",
"refsource" : "MISC",
"url" : "https://youtrack.jetbrains.com/issue/IDEA-175381"
},
{
"name" : "http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b",
"refsource" : "CONFIRM",
"url" : "http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XEE in XML parser"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b",
"refsource": "CONFIRM",
"url": "http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b"
},
{
"name": "https://youtrack.jetbrains.com/issue/IDEA-175381",
"refsource": "MISC",
"url": "https://youtrack.jetbrains.com/issue/IDEA-175381"
},
{
"name": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/"
}
]
}
}

120
2018/12xxx/CVE-2018-12608.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/moby/moby/pull/33182",
"refsource" : "MISC",
"url" : "https://github.com/moby/moby/pull/33182"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/moby/moby/pull/33182",
"refsource": "MISC",
"url": "https://github.com/moby/moby/pull/33182"
}
]
}
}

140
2018/12xxx/CVE-2018-12810.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "memory corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6",
"version": {
"version_data": [
{
"version_value": "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html"
},
{
"name" : "105123",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105123"
},
{
"name" : "1041599",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041599"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memory corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105123"
},
{
"name": "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html"
},
{
"name": "1041599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041599"
}
]
}
}

120
2018/12xxx/CVE-2018-12925.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Baseon Lantronix MSS devices do not require a password for TELNET access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.seebug.org/vuldb/ssvid-97375",
"refsource" : "MISC",
"url" : "https://www.seebug.org/vuldb/ssvid-97375"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Baseon Lantronix MSS devices do not require a password for TELNET access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.seebug.org/vuldb/ssvid-97375",
"refsource": "MISC",
"url": "https://www.seebug.org/vuldb/ssvid-97375"
}
]
}
}

120
2018/12xxx/CVE-2018-12927.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.seebug.org/vuldb/ssvid-97377",
"refsource" : "MISC",
"url" : "https://www.seebug.org/vuldb/ssvid-97377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.seebug.org/vuldb/ssvid-97377",
"refsource": "MISC",
"url": "https://www.seebug.org/vuldb/ssvid-97377"
}
]
}
}

145
2018/13xxx/CVE-2018-13100.json
View File

@ -1,72 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200183",
"refsource" : "MISC",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200183"
},
{
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d",
"refsource" : "MISC",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d"
},
{
"name" : "104679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104679"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104679"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=977f9bb558cb4a95d53b10301f5c739ed8867d4d"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200183",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200183"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
}
]
}
}

130
2018/13xxx/CVE-2018-13181.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for Troo, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Troo"
}
]
}
}

130
2018/13xxx/CVE-2018-13754.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for CryptosisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptosisToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptosisToken"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for CryptosisToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptosisToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CryptosisToken"
}
]
}
}

34
2018/13xxx/CVE-2018-13987.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13987",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13987",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/16xxx/CVE-2018-16301.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16301",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16301",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/16xxx/CVE-2018-16567.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16567",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16567",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/16xxx/CVE-2018-16832.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ysrc/xunfeng/issues/177",
"refsource" : "MISC",
"url" : "https://github.com/ysrc/xunfeng/issues/177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of the X-Forwarded-Host HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ysrc/xunfeng/issues/177",
"refsource": "MISC",
"url": "https://github.com/ysrc/xunfeng/issues/177"
}
]
}
}

34
2018/17xxx/CVE-2018-17276.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17276",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17276",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

34
2018/17xxx/CVE-2018-17496.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17496",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17496",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/17xxx/CVE-2018-17666.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17666",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.2.0.9297"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6520."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-17666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.2.0.9297"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1174/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1174/"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6520."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1174/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1174/"
}
]
}
}

34
2018/17xxx/CVE-2018-17773.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17773",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17773",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/17xxx/CVE-2018-17868.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DASAN H660GW devices have Stored XSS in the Port Forwarding functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/",
"refsource" : "MISC",
"url" : "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DASAN H660GW devices have Stored XSS in the Port Forwarding functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/",
"refsource": "MISC",
"url": "https://wojciechregula.blog/authenticated-rce-in-dasan-routers/"
}
]
}
}