admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:36:08 +00:00
parent b099783878
commit 5d891dbe40
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3508 additions and 3508 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2002/0xxx/CVE-2002-0250.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0250", "ID": "CVE-2002-0250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101318469216213&w=2" "lang": "eng",
}, "value": "Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password."
{ }
"name" : "HPSBUX0202-185", ]
"refsource" : "HP", },
"url" : "http://online.securityfocus.com/advisories/3870" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4062", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4062" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "hp-advancestack-bypass-auth(8124)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/8124.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101318469216213&w=2"
},
{
"name": "hp-advancestack-bypass-auth(8124)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8124.php"
},
{
"name": "HPSBUX0202-185",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/3870"
},
{
"name": "4062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4062"
}
]
}
}

160
2002/0xxx/CVE-2002-0599.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0599", "ID": "CVE-2002-0599",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020428 Blahz-DNS: Authentication bypass vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html" "lang": "eng",
}, "value": "Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen."
{ }
"name" : "http://sourceforge.net/project/shownotes.php?release_id=87004", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/project/shownotes.php?release_id=87004" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4618", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4618" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "blahzdns-auth-bypass(8951)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/8951.php" ]
}, },
{ "references": {
"name" : "5178", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5178" "name": "5178",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/5178"
} },
} {
"name": "http://sourceforge.net/project/shownotes.php?release_id=87004",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=87004"
},
{
"name": "blahzdns-auth-bypass(8951)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8951.php"
},
{
"name": "20020428 Blahz-DNS: Authentication bypass vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html"
},
{
"name": "4618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4618"
}
]
}
}

160
2002/0xxx/CVE-2002-0629.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0629", "ID": "CVE-2002-0629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products", "description_data": [
"refsource" : "ISS", {
"url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089" "lang": "eng",
}, "value": "The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via multiple connections to the server."
{ }
"name" : "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "M-123", "description": [
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/m-123.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "viewstation-telnet-login-dos(9349)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9349.php" ]
}, },
{ "references": {
"name" : "5636", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5636" "name": "viewstation-telnet-login-dos(9349)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/9349.php"
} },
} {
"name": "20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products",
"refsource": "ISS",
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089"
},
{
"name": "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf",
"refsource": "CONFIRM",
"url": "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf"
},
{
"name": "5636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5636"
},
{
"name": "M-123",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-123.shtml"
}
]
}
}

34
2002/0xxx/CVE-2002-0635.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2002-0635", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2002-0635",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none."
} }
] ]
} }
} }

180
2002/1xxx/CVE-2002-1056.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1056", "ID": "CVE-2002-1056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020331 More Office XP Problems", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101760380418890&w=2" "lang": "eng",
}, "value": "Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to."
{ }
"name" : "20020403 More Office XP problems (Version 2.0)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://online.securityfocus.com/archive/1/265621" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS02-021", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4397", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4397" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:205", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205" "name": "oval:org.mitre.oval:def:429",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429"
"name" : "oval:org.mitre.oval:def:429", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429" "name": "4397",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/4397"
"name" : "outlook-object-execute-script(8708)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8708.php" "name": "MS02-021",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021"
} },
} {
"name": "20020331 More Office XP Problems",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101760380418890&w=2"
},
{
"name": "20020403 More Office XP problems (Version 2.0)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/265621"
},
{
"name": "oval:org.mitre.oval:def:205",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205"
},
{
"name": "outlook-object-execute-script(8708)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8708.php"
}
]
}
}

150
2002/1xxx/CVE-2002-1662.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1662", "ID": "CVE-2002-1662",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the \"Your name\" field during account registration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021212 Multiple Mambo Site Server sec-weaknesses", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the \"Your name\" field during account registration."
{ }
"name" : "6386", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6386" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "mambo-name-field-xss(10859)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10859" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "mambo-search-xss(10854)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10854" ]
} },
] "references": {
} "reference_data": [
} {
"name": "mambo-name-field-xss(10859)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10859"
},
{
"name": "6386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6386"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "mambo-search-xss(10854)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10854"
}
]
}
}

150
2002/1xxx/CVE-2002-1710.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1710", "ID": "CVE-2002-1710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020618 BasiliX multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html" "lang": "eng",
}, "value": "The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file."
{ }
"name" : "20020619 [VulnWatch] BasiliX multiple vulnerabilities", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "basilix-webmail-attach-files(9386)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9386" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5062", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/5062" ]
} },
] "references": {
} "reference_data": [
} {
"name": "5062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5062"
},
{
"name": "basilix-webmail-attach-files(9386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9386"
},
{
"name": "20020619 [VulnWatch] BasiliX multiple vulnerabilities",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0117.html"
},
{
"name": "20020618 BasiliX multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00247.html"
}
]
}
}

140
2002/1xxx/CVE-2002-1960.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1960", "ID": "CVE-2002-1960",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.share360.com/products/s360/Release_Notes.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.share360.com/products/s360/Release_Notes.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link."
{ }
"name" : "5151", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5151" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "share360-xss(9510)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9510.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.share360.com/products/s360/Release_Notes.html",
"refsource": "CONFIRM",
"url": "http://www.share360.com/products/s360/Release_Notes.html"
},
{
"name": "share360-xss(9510)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9510.php"
},
{
"name": "5151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5151"
}
]
}
}

140
2002/2xxx/CVE-2002-2186.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2186", "ID": "CVE-2002-2186",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500" "lang": "eng",
}, "value": "Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL."
{ }
"name" : "6126", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6126" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "jrun-unicode-source-disclosure(10570)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10570.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500"
},
{
"name": "jrun-unicode-source-disclosure(10570)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10570.php"
},
{
"name": "6126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6126"
}
]
}
}

140
2002/2xxx/CVE-2002-2252.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2252", "ID": "CVE-2002-2252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021201 Thatware (PHP)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0000.html" "lang": "eng",
}, "value": "SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter."
{ }
"name" : "1005733", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1005733" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "thatware-authinc-sql-injection(10759)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10759" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20021201 Thatware (PHP)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0000.html"
},
{
"name": "thatware-authinc-sql-injection(10759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10759"
},
{
"name": "1005733",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1005733"
}
]
}
}

140
2002/2xxx/CVE-2002-2424.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2424", "ID": "CVE-2002-2424",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020824 phpReactor - Cross-Site Scripting via STYLE", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0262.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag."
{ }
"name" : "5569", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5569" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "phpreactor-style-xss(9958)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9958.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "5569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5569"
},
{
"name": "20020824 phpReactor - Cross-Site Scripting via STYLE",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0262.html"
},
{
"name": "phpreactor-style-xss(9958)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9958.php"
}
]
}
}

140
2005/1xxx/CVE-2005-1321.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1321", "ID": "CVE-2005-1321",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[sork] 20050422 Vacation 2.2.2 (final)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002148.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title."
{ }
"name" : "http://cvs.horde.org/diff.php/vacation/docs/CHANGES?r1=1.1.1.1.2.21&r2=1.1.1.1.2.26&ty=h", ]
"refsource" : "CONFIRM", },
"url" : "http://cvs.horde.org/diff.php/vacation/docs/CHANGES?r1=1.1.1.1.2.21&r2=1.1.1.1.2.26&ty=h" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15073", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15073" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.horde.org/diff.php/vacation/docs/CHANGES?r1=1.1.1.1.2.21&r2=1.1.1.1.2.26&ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/vacation/docs/CHANGES?r1=1.1.1.1.2.21&r2=1.1.1.1.2.26&ty=h"
},
{
"name": "15073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15073"
},
{
"name": "[sork] 20050422 Vacation 2.2.2 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002148.html"
}
]
}
}

150
2005/1xxx/CVE-2005-1584.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1584", "ID": "CVE-2005-1584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action."
{ }
"name" : "13602", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/13602" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16327", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16327" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15200", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/15200" ]
} },
] "references": {
} "reference_data": [
} {
"name": "13602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13602"
},
{
"name": "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html"
},
{
"name": "15200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15200"
},
{
"name": "16327",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16327"
}
]
}
}

130
2005/1xxx/CVE-2005-1651.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1651", "ID": "CVE-2005-1651",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the wmm parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "13597", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13597" "lang": "eng",
}, "value": "Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the wmm parameter."
{ }
"name" : "15268", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/15268" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15268"
},
{
"name": "13597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13597"
}
]
}
}

150
2005/1xxx/CVE-2005-1833.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1833", "ID": "CVE-2005-1833",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111757191118050&w=2" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php."
{ }
"name" : "http://www.mybboard.com/community/showthread.php?tid=2559", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mybboard.com/community/showthread.php?tid=2559" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17024", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/17024" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15552", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/15552" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20050531 Multiple vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111757191118050&w=2"
},
{
"name": "15552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15552"
},
{
"name": "http://www.mybboard.com/community/showthread.php?tid=2559",
"refsource": "CONFIRM",
"url": "http://www.mybboard.com/community/showthread.php?tid=2559"
},
{
"name": "17024",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17024"
}
]
}
}

170
2009/1xxx/CVE-2009-1045.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1045", "ID": "CVE-2009-1045",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8213", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8213" "lang": "eng",
}, "value": "requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action."
{ }
"name" : "[oss-security] 20090317 CVE request -- firefox, vlc, WeeChat", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2009/03/17/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=262708", "description": [
"refsource" : "MISC", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=262708" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34126", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/34126" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:14357", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14357" "name": "vlcmediaplayer-web-status-bo(49249)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49249"
"name" : "vlcmediaplayer-web-status-bo(49249)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49249" "name": "8213",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/8213"
} },
} {
"name": "http://bugs.gentoo.org/show_bug.cgi?id=262708",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=262708"
},
{
"name": "oval:org.mitre.oval:def:14357",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14357"
},
{
"name": "[oss-security] 20090317 CVE request -- firefox, vlc, WeeChat",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/17/4"
},
{
"name": "34126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34126"
}
]
}
}

150
2009/1xxx/CVE-2009-1165.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2009-1165", "ID": "CVE-2009-1165",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090727 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080adb3d7.shtml" "lang": "eng",
}, "value": "Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0, 5.1 before 5.1.163.0, and 5.0 and 5.2 before 5.2.178.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to cause a denial of service (memory consumption and device reload) via SSH management connections, aka Bug ID CSCsw40789."
{ }
"name" : "35817", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35817" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1022605", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022605" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2009-2021", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2009/2021" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20090727 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080adb3d7.shtml"
},
{
"name": "1022605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022605"
},
{
"name": "ADV-2009-2021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2021"
},
{
"name": "35817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35817"
}
]
}
}

170
2009/1xxx/CVE-2009-1434.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1434", "ID": "CVE-2009-1434",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[foswiki-announce] 20090427 Security Alert CVE-2009-1434: Foswiki Page View Cross-Site Request Forgery (CSRF)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.2040806%40lavrsen.dk&forum_name=foswiki-announce" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a (1) save or (2) view script in the SRC attribute of an IMG element, a related issue to CVE-2009-1339."
{ }
"name" : "http://foswiki.org/Support/SecurityAlert-CVE-2009-1434", ]
"refsource" : "CONFIRM", },
"url" : "http://foswiki.org/Support/SecurityAlert-CVE-2009-1434" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://launchpad.net/bugs/cve/2009-1434", "description": [
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/bugs/cve/2009-1434" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "54148", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/54148" ]
}, },
{ "references": {
"name" : "34863", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34863" "name": "foswiki-unspecified-csrf(50256)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50256"
"name" : "foswiki-unspecified-csrf(50256)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50256" "name": "54148",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/54148"
} },
} {
"name": "[foswiki-announce] 20090427 Security Alert CVE-2009-1434: Foswiki Page View Cross-Site Request Forgery (CSRF)",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=49F61C4E.2040806%40lavrsen.dk&forum_name=foswiki-announce"
},
{
"name": "http://foswiki.org/Support/SecurityAlert-CVE-2009-1434",
"refsource": "CONFIRM",
"url": "http://foswiki.org/Support/SecurityAlert-CVE-2009-1434"
},
{
"name": "34863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34863"
},
{
"name": "https://launchpad.net/bugs/cve/2009-1434",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/cve/2009-1434"
}
]
}
}

220
2009/5xxx/CVE-2009-5031.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-5031", "ID": "CVE-2009-5031",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120621 Re: mod_security CVE request", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/06/22/2" "lang": "eng",
}, "value": "ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header."
{ }
"name" : "[oss-security] 20120621 mod_security CVE request", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/06/22/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html", "description": [
"refsource" : "MISC", {
"url" : "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf", ]
"refsource" : "MISC", }
"url" : "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf" ]
}, },
{ "references": {
"name" : "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES" "name": "openSUSE-SU-2013:1342",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html"
"name" : "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366", },
"refsource" : "CONFIRM", {
"url" : "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366" "name": "54156",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/54156"
"name" : "openSUSE-SU-2013:1331", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html" "name": "openSUSE-SU-2013:1331",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00020.html"
"name" : "openSUSE-SU-2013:1336", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html" "name": "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf",
}, "refsource": "MISC",
{ "url": "http://www.suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf"
"name" : "openSUSE-SU-2013:1342", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00031.html" "name": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES",
}, "refsource": "CONFIRM",
{ "url": "http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES"
"name" : "54156", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54156" "name": "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html",
}, "refsource": "MISC",
{ "url": "http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html"
"name" : "49576", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49576" "name": "[oss-security] 20120621 Re: mod_security CVE request",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2012/06/22/2"
} },
} {
"name": "[oss-security] 20120621 mod_security CVE request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/22/1"
},
{
"name": "49576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49576"
},
{
"name": "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366",
"refsource": "CONFIRM",
"url": "https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366"
},
{
"name": "openSUSE-SU-2013:1336",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00025.html"
}
]
}
}

180
2012/0xxx/CVE-2012-0167.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-0167", "ID": "CVE-2012-0167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka \"GDI+ Heap Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-034", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034" "lang": "eng",
}, "value": "Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka \"GDI+ Heap Overflow Vulnerability.\""
{ }
"name" : "TA12-129A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53351", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53351" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:15628", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15628" ]
}, },
{ "references": {
"name" : "1027038", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027038" "name": "49121",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49121"
"name" : "49121", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49121" "name": "53351",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/53351"
"name" : "windows-gdi-emf-bo(75126)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75126" "name": "oval:org.mitre.oval:def:15628",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15628"
} },
} {
"name": "windows-gdi-emf-bo(75126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75126"
},
{
"name": "MS12-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
},
{
"name": "1027038",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027038"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
]
}
}

150
2012/0xxx/CVE-2012-0439.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0439", "ID": "CVE-2012-0439",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-13-008/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-13-008/" "lang": "eng",
}, "value": "An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before SP1 HP1 allows remote attackers to execute arbitrary code via (1) a pointer argument to the SetEngine method or (2) an XPItem pointer argument to an unspecified method."
{ }
"name" : "http://www.novell.com/support/kb/doc.php?id=7011688", ]
"refsource" : "CONFIRM", },
"url" : "http://www.novell.com/support/kb/doc.php?id=7011688" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=712144", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=712144" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=743674", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=743674" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://bugzilla.novell.com/show_bug.cgi?id=743674",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=743674"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=712144",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=712144"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-13-008/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-008/"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011688",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011688"
}
]
}
}

350
2012/0xxx/CVE-2012-0460.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0460", "ID": "CVE-2012-0460",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-18.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-18.html" "lang": "eng",
}, "value": "Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=727303", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=727303" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2012:032", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2012:0387", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0387.html" ]
}, },
{ "references": {
"name" : "RHSA-2012:0388", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0388.html" "name": "openSUSE-SU-2012:0417",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"
"name" : "openSUSE-SU-2012:0417", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" "name": "48402",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48402"
"name" : "SUSE-SU-2012:0424", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" "name": "SUSE-SU-2012:0424",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"
"name" : "USN-1400-3", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-3" "name": "USN-1400-5",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-5"
"name" : "USN-1400-4", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-4" "name": "48359",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48359"
"name" : "USN-1400-5", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-5" "name": "USN-1400-4",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-4"
"name" : "USN-1400-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-2" "name": "48629",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48629"
"name" : "USN-1400-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-1" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-18.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-18.html"
"name" : "oval:org.mitre.oval:def:15114", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15114" "name": "USN-1400-3",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-3"
"name" : "1026804", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026804" "name": "RHSA-2012:0387",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html"
"name" : "1026801", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026801" "name": "48496",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48496"
"name" : "1026803", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026803" "name": "oval:org.mitre.oval:def:15114",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15114"
"name" : "48629", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48629" "name": "49055",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49055"
"name" : "48513", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48513" "name": "USN-1400-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-2"
"name" : "48496", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48496" "name": "MDVSA-2012:032",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"
"name" : "48553", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48553" "name": "1026803",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026803"
"name" : "48561", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48561" "name": "48553",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48553"
"name" : "49055", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49055" "name": "USN-1400-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-1"
"name" : "48402", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48402" "name": "48561",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48561"
"name" : "48359", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48359" "name": "RHSA-2012:0388",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html"
} },
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=727303",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=727303"
},
{
"name": "1026801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026801"
},
{
"name": "1026804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026804"
},
{
"name": "48513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48513"
}
]
}
}

140
2012/0xxx/CVE-2012-0691.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0691", "ID": "CVE-2012-0691",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20121001 CA20121001-01: Security Notice for CA License", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0011.html" "lang": "eng",
}, "value": "CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors."
{ }
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={79CE87E4-7A35-48A3-99BA-5A0DBEDECA94}", ]
"refsource" : "CONFIRM", },
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={79CE87E4-7A35-48A3-99BA-5A0DBEDECA94}" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1027588", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027588" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20121001 CA20121001-01: Security Notice for CA License",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0011.html"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={79CE87E4-7A35-48A3-99BA-5A0DBEDECA94}",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={79CE87E4-7A35-48A3-99BA-5A0DBEDECA94}"
},
{
"name": "1027588",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027588"
}
]
}
}

120
2012/3xxx/CVE-2012-3243.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3243", "ID": "CVE-2012-3243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "53927", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53927" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Magento allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53927"
}
]
}
}

180
2012/4xxx/CVE-2012-4036.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4036", "ID": "CVE-2012-4036",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.pbboard.com/forums/t10352.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.pbboard.com/forums/t10352.html" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216."
{ }
"name" : "http://www.pbboard.com/forums/t10353.html", ]
"refsource" : "MISC", },
"url" : "http://www.pbboard.com/forums/t10353.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.htbridge.com/advisory/HTB23101", "description": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23101" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "54916", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/54916" ]
}, },
{ "references": {
"name" : "84479", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/84479" "name": "https://www.htbridge.com/advisory/HTB23101",
}, "refsource": "MISC",
{ "url": "https://www.htbridge.com/advisory/HTB23101"
"name" : "50153", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50153" "name": "http://www.pbboard.com/forums/t10353.html",
}, "refsource": "MISC",
{ "url": "http://www.pbboard.com/forums/t10353.html"
"name" : "pbboard-admin-security-bypass(77508)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77508" "name": "pbboard-admin-security-bypass(77508)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77508"
} },
} {
"name": "54916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54916"
},
{
"name": "http://www.pbboard.com/forums/t10352.html",
"refsource": "MISC",
"url": "http://www.pbboard.com/forums/t10352.html"
},
{
"name": "84479",
"refsource": "OSVDB",
"url": "http://osvdb.org/84479"
},
{
"name": "50153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50153"
}
]
}
}

120
2012/4xxx/CVE-2012-4113.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2012-4113", "ID": "CVE-2012-4113",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131016 Cisco Unified Computing System Fabric Interconnect Arbitrary File Read Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4113" "lang": "eng",
} "value": "The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131016 Cisco Unified Computing System Fabric Interconnect Arbitrary File Read Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4113"
}
]
}
}

150
2012/4xxx/CVE-2012-4355.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4355", "ID": "CVE-2012-4355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.org/adv/winlog_2-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.org/adv/winlog_2-adv.txt" "lang": "eng",
}, "value": "TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354."
{ }
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.sielcosistemi.com/en/news/index.html?id=70", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.sielcosistemi.com/en/news/index.html?id=70" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49395", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/49395" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://aluigi.org/adv/winlog_2-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf"
},
{
"name": "49395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49395"
},
{
"name": "http://www.sielcosistemi.com/en/news/index.html?id=70",
"refsource": "CONFIRM",
"url": "http://www.sielcosistemi.com/en/news/index.html?id=70"
}
]
}
}

200
2012/4xxx/CVE-2012-4527.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4527", "ID": "CVE-2012-4527",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121018 CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/10/18/9" "lang": "eng",
}, "value": "Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability."
{ }
"name" : "[oss-security] 20121018 Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/10/18/12" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20121119 Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/20/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=867790", ]
"refsource" : "MISC", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=867790" ]
}, },
{ "references": {
"name" : "FEDORA-2012-17290", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091206.html" "name": "FEDORA-2012-17290",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091206.html"
"name" : "FEDORA-2012-17318", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091173.html" "name": "openSUSE-SU-2012:1440",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00003.html"
"name" : "FEDORA-2012-17339", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091377.html" "name": "FEDORA-2012-17318",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091173.html"
"name" : "openSUSE-SU-2012:1440", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00003.html" "name": "FEDORA-2012-17339",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091377.html"
"name" : "56114", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56114" "name": "56114",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/56114"
} },
} {
"name": "[oss-security] 20121018 Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/12"
},
{
"name": "[oss-security] 20121119 Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/1"
},
{
"name": "[oss-security] 20121018 CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/18/9"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=867790",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=867790"
}
]
}
}

130
2012/4xxx/CVE-2012-4669.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4669", "ID": "CVE-2012-4669",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://xmpp.org/resources/security-notices/server-dialback/", "description_data": [
"refsource" : "MISC", {
"url" : "http://xmpp.org/resources/security-notices/server-dialback/" "lang": "eng",
}, "value": "M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted."
{ }
"name" : "http://isode.com/company/wordpress/xmpp-server-dialback/", ]
"refsource" : "CONFIRM", },
"url" : "http://isode.com/company/wordpress/xmpp-server-dialback/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://isode.com/company/wordpress/xmpp-server-dialback/",
"refsource": "CONFIRM",
"url": "http://isode.com/company/wordpress/xmpp-server-dialback/"
},
{
"name": "http://xmpp.org/resources/security-notices/server-dialback/",
"refsource": "MISC",
"url": "http://xmpp.org/resources/security-notices/server-dialback/"
}
]
}
}

150
2012/6xxx/CVE-2012-6641.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6641", "ID": "CVE-2012-6641",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"parameter names and values.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.prestashop.com/de/entwickler-versionen/changelog/1.4.7.2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.prestashop.com/de/entwickler-versionen/changelog/1.4.7.2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to \"parameter names and values.\""
{ }
"name" : "52962", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/52962" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "48036", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48036" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "socolissimo-redirect-xss(74773)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74773" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.prestashop.com/de/entwickler-versionen/changelog/1.4.7.2",
"refsource": "CONFIRM",
"url": "http://www.prestashop.com/de/entwickler-versionen/changelog/1.4.7.2"
},
{
"name": "52962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52962"
},
{
"name": "48036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48036"
},
{
"name": "socolissimo-redirect-xss(74773)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74773"
}
]
}
}

34
2012/6xxx/CVE-2012-6688.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6688", "ID": "CVE-2012-6688",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/2xxx/CVE-2017-2047.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-2047", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-2047",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

120
2017/2xxx/CVE-2017-2164.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2164", "ID": "CVE-2017-2164",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SOY CMS with installer", "product_name": "SOY CMS with installer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.8.12 and earlier" "version_value": "1.8.12 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nippon Institute of Agroinformatics Ltd." "vendor_name": "Nippon Institute of Agroinformatics Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#51978169", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN51978169/index.html" "lang": "eng",
} "value": "Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#51978169",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51978169/index.html"
}
]
}
}

130
2017/2xxx/CVE-2017-2307.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"ID" : "CVE-2017-2307", "ID": "CVE-2017-2307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Junos Space", "product_name": "Junos Space",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "versions prior to 16.1R1" "version_value": "versions prior to 16.1R1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "reflected cross site scripting vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.juniper.net/JSA10770", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.juniper.net/JSA10770" "lang": "eng",
}, "value": "A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space."
{ }
"name" : "98749", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98749" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "reflected cross site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98749"
},
{
"name": "https://kb.juniper.net/JSA10770",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10770"
}
]
}
}

34
2017/6xxx/CVE-2017-6261.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6261", "ID": "CVE-2017-6261",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/7xxx/CVE-2017-7531.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7531", "ID": "CVE-2017-7531",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Moodle 3.3, the course overview block reveals activities in hidden courses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://moodle.org/mod/forum/discuss.php?d=355555", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://moodle.org/mod/forum/discuss.php?d=355555" "lang": "eng",
}, "value": "In Moodle 3.3, the course overview block reveals activities in hidden courses."
{ }
"name" : "99618", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99618" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=355555",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=355555"
},
{
"name": "99618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99618"
}
]
}
}

130
2017/7xxx/CVE-2017-7639.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7639", "ID": "CVE-2017-7639",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.qnap.com/en/security-advisory/nas-201806-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.qnap.com/en/security-advisory/nas-201806-01" "lang": "eng",
}, "value": "QNAP NAS application Proxy Server through version 1.2.0 does not authenticate requests properly. Successful exploitation can lead to change of the settings of Proxy Server."
{ }
"name" : "1041025", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041025" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/en/security-advisory/nas-201806-01",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/en/security-advisory/nas-201806-01"
},
{
"name": "1041025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041025"
}
]
}
}

120
2018/11xxx/CVE-2018-11035.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11035", "ID": "CVE-2018-11035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NsProtect.sys-x64-0x80002019", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NsProtect.sys-x64-0x80002019" "lang": "eng",
} "value": "In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NsProtect.sys-x64-0x80002019",
"refsource": "MISC",
"url": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NsProtect.sys-x64-0x80002019"
}
]
}
}

120
2018/11xxx/CVE-2018-11205.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11205", "ID": "CVE-2018-11205",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5" "lang": "eng",
} "value": "A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5",
"refsource": "MISC",
"url": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5"
}
]
}
}

140
2018/11xxx/CVE-2018-11265.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11265", "ID": "CVE-2018-11265",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in Core"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components" "lang": "eng",
}, "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment."
{ }
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b211b051d7ca226d96b70defe10ac318f768b5b2", ]
"refsource" : "CONFIRM", },
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b211b051d7ca226d96b70defe10ac318f768b5b2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" "lang": "eng",
} "value": "Buffer Copy Without Checking Size of Input in Core"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b211b051d7ca226d96b70defe10ac318f768b5b2",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b211b051d7ca226d96b70defe10ac318f768b5b2"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
}
]
}
}

130
2018/14xxx/CVE-2018-14280.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14280", "ID": "CVE-2018-14280",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.1.1049" "version_value": "9.0.1.1049"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5619."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693-Protection Mechanism Failure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-740", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-740" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5619."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-693-Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-740",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-740"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

130
2018/14xxx/CVE-2018-14307.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14307", "ID": "CVE-2018-14307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.1.5096" "version_value": "9.0.1.5096"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Link objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6267."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-767", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-767" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Link objects. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6267."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-767",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-767"
}
]
}
}

130
2018/14xxx/CVE-2018-14615.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14615", "ID": "CVE-2018-14615",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200421", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200421" "lang": "eng",
}, "value": "An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be negative."
{ }
"name" : "104917", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104917" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104917"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200421",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200421"
}
]
}
}

170
2018/14xxx/CVE-2018-14651.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-14651", "ID": "CVE-2018-14651",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "glusterfs", "product_name": "glusterfs",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-59"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181105 [SECURITY] [DLA 1565-1] glusterfs security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html" "lang": "eng",
}, "value": "It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651" "impact": {
}, "cvss": [
{ [
"name" : "RHSA-2018:3431", {
"refsource" : "REDHAT", "vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"url" : "https://access.redhat.com/errata/RHSA-2018:3431" "version": "3.0"
}, }
{ ]
"name" : "RHSA-2018:3432", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:3432" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651"
},
{
"name": "RHSA-2018:3431",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3431"
},
{
"name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1565-1] glusterfs security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html"
},
{
"name": "RHSA-2018:3432",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3432"
}
]
}
}

210
2018/14xxx/CVE-2018-14883.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14883", "ID": "CVE-2018-14883",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180901 [SECURITY] [DLA 1490-1] php5 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html" "lang": "eng",
}, "value": "An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c."
{ }
"name" : "http://php.net/ChangeLog-5.php", ]
"refsource" : "CONFIRM", },
"url" : "http://php.net/ChangeLog-5.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://php.net/ChangeLog-7.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://php.net/ChangeLog-7.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.php.net/bug.php?id=76423", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.php.net/bug.php?id=76423" ]
}, },
{ "references": {
"name" : "https://www.tenable.com/security/tns-2018-12", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.tenable.com/security/tns-2018-12" "name": "104871",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/104871"
"name" : "https://security.netapp.com/advisory/ntap-20181107-0003/", },
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20181107-0003/" "name": "https://security.netapp.com/advisory/ntap-20181107-0003/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20181107-0003/"
"name" : "DSA-4353", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4353" "name": "USN-3766-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3766-1/"
"name" : "USN-3766-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3766-1/" "name": "https://www.tenable.com/security/tns-2018-12",
}, "refsource": "CONFIRM",
{ "url": "https://www.tenable.com/security/tns-2018-12"
"name" : "USN-3766-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3766-2/" "name": "DSA-4353",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4353"
"name" : "104871", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104871" "name": "http://php.net/ChangeLog-5.php",
} "refsource": "CONFIRM",
] "url": "http://php.net/ChangeLog-5.php"
} },
} {
"name": "[debian-lts-announce] 20180901 [SECURITY] [DLA 1490-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html"
},
{
"name": "https://bugs.php.net/bug.php?id=76423",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=76423"
},
{
"name": "USN-3766-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3766-2/"
},
{
"name": "http://php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-7.php"
}
]
}
}

34
2018/15xxx/CVE-2018-15135.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15135", "ID": "CVE-2018-15135",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/20xxx/CVE-2018-20477.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20477", "ID": "CVE-2018-20477",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://shell01.top/2018/12/18/scms-sqlinject/", "description_data": [
"refsource" : "MISC", {
"url" : "https://shell01.top/2018/12/18/scms-sqlinject/" "lang": "eng",
} "value": "An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://shell01.top/2018/12/18/scms-sqlinject/",
"refsource": "MISC",
"url": "https://shell01.top/2018/12/18/scms-sqlinject/"
}
]
}
}

120
2018/20xxx/CVE-2018-20530.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20530", "ID": "CVE-2018-20530",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://suku90.wordpress.com/2018/12/27/php-scripts-mall-website-seller-script-2-0-5-stored-and-reflected-xss/", "description_data": [
"refsource" : "MISC", {
"url" : "https://suku90.wordpress.com/2018/12/27/php-scripts-mall-website-seller-script-2-0-5-stored-and-reflected-xss/" "lang": "eng",
} "value": "PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://suku90.wordpress.com/2018/12/27/php-scripts-mall-website-seller-script-2-0-5-stored-and-reflected-xss/",
"refsource": "MISC",
"url": "https://suku90.wordpress.com/2018/12/27/php-scripts-mall-website-seller-script-2-0-5-stored-and-reflected-xss/"
}
]
}
}

132
2018/9xxx/CVE-2018-9458.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00", "DATE_PUBLIC": "2018-10-31T00:00:00",
"ID" : "CVE-2018-9458", "ID": "CVE-2018-9458",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-8.0 Android-8.1" "version_value": "Android-8.0 Android-8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-08-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-08-01" "lang": "eng",
}, "value": "In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287."
{ }
"name" : "1041432", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041432" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
}
]
}
}

34
2018/9xxx/CVE-2018-9717.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9717", "ID": "CVE-2018-9717",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/9xxx/CVE-2018-9919.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9919", "ID": "CVE-2018-9919",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the \"down_url\" URL into the \"bddlj\" local file if the attacker knows the backdoor \"jmmy\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180501 Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/May/11" "lang": "eng",
} "value": "A web-accessible backdoor, with resultant SSRF, exists in Tp-shop 2.0.5 through 2.0.8, which allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution, because /vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php writes data from the \"down_url\" URL into the \"bddlj\" local file if the attacker knows the backdoor \"jmmy\" parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180501 Backdoor in Tpshop <= 2.0.8 (CVE-2018-9919)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/11"
}
]
}
}