admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:52:35 +00:00
parent 8506004809
commit 681fcc3877
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3922 additions and 3917 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2002/0xxx/CVE-2002-0009.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "show_bug.cgi in Bugzilla before 2.14.1 allows a user with \"Bugs Access\" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html"
},
{
"name" : "http://www.bugzilla.org/security2_14_1.html",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security2_14_1.html"
},
{
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=102141",
"refsource" : "MISC",
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=102141"
},
{
"name" : "RHSA-2002:001",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2002-001.html"
},
{
"name" : "bugzilla-showbug-reveal-bugs(7802)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7802.php"
},
{
"name" : "3798",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "show_bug.cgi in Bugzilla before 2.14.1 allows a user with \"Bugs Access\" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:001",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-001.html"
},
{
"name": "20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html"
},
{
"name": "http://www.bugzilla.org/security2_14_1.html",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security2_14_1.html"
},
{
"name": "3798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3798"
},
{
"name": "bugzilla-showbug-reveal-bugs(7802)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7802.php"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=102141",
"refsource": "MISC",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=102141"
}
]
}
}

150
2002/0xxx/CVE-2002-0173.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020409-01-I",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020409-01-I"
},
{
"name" : "4644",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4644"
},
{
"name" : "irix-cpr-bo(8959)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8959.php"
},
{
"name" : "5359",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5359"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5359",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5359"
},
{
"name": "irix-cpr-bo(8959)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8959.php"
},
{
"name": "4644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4644"
},
{
"name": "20020409-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020409-01-I"
}
]
}
}

34
2002/0xxx/CVE-2002-0182.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0182",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0182",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2002/0xxx/CVE-2002-0312.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/258365"
},
{
"name" : "20020222 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)",
"refsource" : "NTBUGTRAQ",
"url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0202&L=ntbugtraq&F=P&S=&P=10201"
},
{
"name" : "20020221 SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101439734827908&w=2"
},
{
"name" : "essentia-server-directory-traversal(8248)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8248.php"
},
{
"name" : "4160",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4160"
},
{
"name": "20020221 SecurityOffice Security Advisory:// Essentia Web Server Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101439734827908&w=2"
},
{
"name": "20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/258365"
},
{
"name": "essentia-server-directory-traversal(8248)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8248.php"
},
{
"name": "20020222 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)",
"refsource": "NTBUGTRAQ",
"url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0202&L=ntbugtraq&F=P&S=&P=10201"
}
]
}
}

160
2002/0xxx/CVE-2002-0764.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020517 Phorum 3.3.2a remote command execution",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html"
},
{
"name" : "20020518 Phorum 3.3.2a has another bug for remote command execution",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html"
},
{
"name" : "http://www.phorum.org/",
"refsource" : "CONFIRM",
"url" : "http://www.phorum.org/"
},
{
"name" : "phorum-php-command-execution(9107)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9107.php"
},
{
"name" : "4763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4763"
},
{
"name": "http://www.phorum.org/",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/"
},
{
"name": "20020518 Phorum 3.3.2a has another bug for remote command execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html"
},
{
"name": "phorum-php-command-execution(9107)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9107.php"
},
{
"name": "20020517 Phorum 3.3.2a remote command execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html"
}
]
}
}

140
2002/1xxx/CVE-2002-1772.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell Netware 5.0 through 5.1 may allow local users to gain \"Domain Admin\" rights by logging into a Novell Directory Services (NDS) account, and executing \"net use\" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020131 Possible privilege escalation with NDS for NT",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/253373"
},
{
"name" : "4012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4012"
},
{
"name" : "netware-nds-unauth-access(8065)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8065"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell Netware 5.0 through 5.1 may allow local users to gain \"Domain Admin\" rights by logging into a Novell Directory Services (NDS) account, and executing \"net use\" on an NDS_ADM account that is not in the NT domain but has domain access rights, which allows the user to enter a null password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020131 Possible privilege escalation with NDS for NT",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/253373"
},
{
"name": "netware-nds-unauth-access(8065)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8065"
},
{
"name": "4012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4012"
}
]
}
}

180
2002/2xxx/CVE-2002-2086.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2086",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) \"<<script\" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311"
},
{
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311"
},
{
"name" : "http://www.squirrelmail.org/changelog.php",
"refsource" : "CONFIRM",
"url" : "http://www.squirrelmail.org/changelog.php"
},
{
"name" : "4666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4666"
},
{
"name" : "4667",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4667"
},
{
"name" : "squirrelmail-header-xss(9008)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9008"
},
{
"name" : "squirrelmail-html-attachment-xss(9009)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9009"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) \"<<script\" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=544658&group_id=311&atid=100311"
},
{
"name": "squirrelmail-header-xss(9008)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9008"
},
{
"name": "4666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4666"
},
{
"name": "4667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4667"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=545933&group_id=311&atid=100311"
},
{
"name": "squirrelmail-html-attachment-xss(9009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9009"
},
{
"name": "http://www.squirrelmail.org/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.squirrelmail.org/changelog.php"
}
]
}
}

150
2002/2xxx/CVE-2002-2246.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021212 VisNetic WebSite XSS vulnerability through HTTP referer header",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0113.html"
},
{
"name" : "http://www.deerfield.com/products/visnetic_website/",
"refsource" : "CONFIRM",
"url" : "http://www.deerfield.com/products/visnetic_website/"
},
{
"name" : "6369",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6369"
},
{
"name" : "visnetic-website-referer-xss(10852)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10852"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in VisNetic Website before 3.5.15 allows remote attackers to inject arbitrary web script or HTML via the HTTP referer header (HTTP_REFERER) to a non-existent page, which is injected into the resulting 404 error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021212 VisNetic WebSite XSS vulnerability through HTTP referer header",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0113.html"
},
{
"name": "6369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6369"
},
{
"name": "http://www.deerfield.com/products/visnetic_website/",
"refsource": "CONFIRM",
"url": "http://www.deerfield.com/products/visnetic_website/"
},
{
"name": "visnetic-website-referer-xss(10852)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10852"
}
]
}
}

140
2005/0xxx/CVE-2005-0425.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg24008814",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24008814"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg24008815",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg24008815"
},
{
"name" : "14274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14274"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14274"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg24008815",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24008815"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg24008814",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24008814"
}
]
}
}

160
2005/0xxx/CVE-2005-0839.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20050301 Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.",
"refsource" : "MLIST",
"url" : "http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg64704.html"
},
{
"name" : "http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ",
"refsource" : "MISC",
"url" : "http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ"
},
{
"name" : "FLSA:157459-3",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name" : "RHSA-2005:366",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html"
},
{
"name" : "oval:org.mitre.oval:def:9460",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9460"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:366",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-366.html"
},
{
"name": "oval:org.mitre.oval:def:9460",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9460"
},
{
"name": "[linux-kernel] 20050301 Re: Breakage from patch: Only root should be able to set the N_MOUSE line discipline.",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg64704.html"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name": "http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ",
"refsource": "MISC",
"url": "http://linux.bkbits.net:8080/linux-2.6/cset@41fa6464E1UuGu6zmketEYxm73KSyQ"
}
]
}
}

130
2005/1xxx/CVE-2005-1379.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050428 insecure user account lam-runtime-7.0.6-2mdk rpm",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111472262231060&w=2"
},
{
"name" : "13431",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13431"
},
{
"name": "20050428 insecure user account lam-runtime-7.0.6-2mdk rpm",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111472262231060&w=2"
}
]
}
}

180
2005/1xxx/CVE-2005-1925.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051110 Tikiwiki tiki-editpage Arbitrary File Exposure Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=337&type=vulnerabilities"
},
{
"name" : "20051110 Tikiwiki tiki-user_preferences Command Injection Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=335&type=vulnerabilities"
},
{
"name" : "15390",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15390"
},
{
"name" : "15392",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15392"
},
{
"name" : "1015190",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015190"
},
{
"name" : "tikiwiki-tikieditpage-directory-traversal(23095)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23095"
},
{
"name" : "tikiwiki-tikiuserpreferences-dir-traversal(23099)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23099"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 allow remote attackers to read arbitrary files and execute commands via (1) the suck_url parameter to tiki-editpage.php or (2) language parameter to tiki-user_preferences.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051110 Tikiwiki tiki-user_preferences Command Injection Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=335&type=vulnerabilities"
},
{
"name": "tikiwiki-tikiuserpreferences-dir-traversal(23099)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23099"
},
{
"name": "15390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15390"
},
{
"name": "tikiwiki-tikieditpage-directory-traversal(23095)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23095"
},
{
"name": "15392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15392"
},
{
"name": "1015190",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015190"
},
{
"name": "20051110 Tikiwiki tiki-editpage Arbitrary File Exposure Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=337&type=vulnerabilities"
}
]
}
}

190
2009/0xxx/CVE-2009-0157.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0157",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3549",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3549"
},
{
"name" : "APPLE-SA-2009-05-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name" : "TA09-133A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name" : "34926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34926"
},
{
"name" : "1022211",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022211"
},
{
"name" : "35074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35074"
},
{
"name" : "ADV-2009-1297",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name" : "macos-cfnetwork-bo(50480)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50480"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macos-cfnetwork-bo(50480)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50480"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "34926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34926"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "1022211",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022211"
}
]
}
}

130
2009/0xxx/CVE-2009-0394.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7917",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7917"
},
{
"name" : "33524",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33524"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33524"
},
{
"name": "7917",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7917"
}
]
}
}

150
2009/0xxx/CVE-2009-0810.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8101",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8101"
},
{
"name" : "33875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33875"
},
{
"name" : "ADV-2009-0523",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0523"
},
{
"name" : "xguestbook-login-sql-injection(48881)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48881"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xguestbook-login-sql-injection(48881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48881"
},
{
"name": "33875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33875"
},
{
"name": "8101",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8101"
},
{
"name": "ADV-2009-0523",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0523"
}
]
}
}

160
2009/1xxx/CVE-2009-1582.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8605",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8605"
},
{
"name" : "34809",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34809"
},
{
"name" : "54204",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54204"
},
{
"name" : "34994",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34994"
},
{
"name" : "milliondollar-adminhome-auth-bypass(50306)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50306"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Million Dollar Text Links 1.0 does not properly restrict administrator access to admin.home.php, which allows remote attackers to bypass intended restrictions and gain privileges via a direct request to admin.home.php after visiting admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8605",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8605"
},
{
"name": "54204",
"refsource": "OSVDB",
"url": "http://osvdb.org/54204"
},
{
"name": "34809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34809"
},
{
"name": "34994",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34994"
},
{
"name": "milliondollar-adminhome-auth-bypass(50306)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50306"
}
]
}
}

150
2009/1xxx/CVE-2009-1798.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://holisticinfosec.org/content/view/111/45/",
"refsource" : "MISC",
"url" : "http://holisticinfosec.org/content/view/111/45/"
},
{
"name" : "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887",
"refsource" : "CONFIRM",
"url" : "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name" : "VU#166739",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/166739"
},
{
"name" : "37744",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37744"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the login_username vector for Forms/login1 is already covered by CVE-2009-4406."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://holisticinfosec.org/content/view/111/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/111/45/"
},
{
"name": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887",
"refsource": "CONFIRM",
"url": "http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=10887"
},
{
"name": "VU#166739",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/166739"
},
{
"name": "37744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37744"
}
]
}
}

140
2009/1xxx/CVE-2009-1820.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8702",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8702"
},
{
"name" : "34992",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34992"
},
{
"name" : "ADV-2009-1341",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1341"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1341",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1341"
},
{
"name": "34992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34992"
},
{
"name": "8702",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8702"
}
]
}
}

580
2009/1xxx/CVE-2009-1955.json
View File

@ -1,292 +1,292 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1955",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090824 rPSA-2009-0123-1 apr-util",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506053/100/0/threaded"
},
{
"name" : "8842",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8842"
},
{
"name" : "[apr-dev] 20090602 [PATCH] prevent \"billion laughs\" attack against expat",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=apr-dev&m=124396021826125&w=2"
},
{
"name" : "[oss-security] 20090603 CVE request: \"billion laughs\" attack against Apache APR",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/06/03/4"
},
{
"name" : "http://svn.apache.org/viewvc?view=rev&revision=781403",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=rev&revision=781403"
},
{
"name" : "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3",
"refsource" : "CONFIRM",
"url" : "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0123",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0123"
},
{
"name" : "http://support.apple.com/kb/HT3937",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3937"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name" : "PK88342",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342"
},
{
"name" : "PK91241",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
},
{
"name" : "PK99478",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
},
{
"name" : "APPLE-SA-2009-11-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name" : "DSA-1812",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1812"
},
{
"name" : "FEDORA-2009-5969",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
},
{
"name" : "FEDORA-2009-6014",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
},
{
"name" : "FEDORA-2009-6261",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
},
{
"name" : "GLSA-200907-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-03.xml"
},
{
"name" : "HPSBUX02612",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name" : "SSRT100345",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name" : "MDVSA-2009:131",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "RHSA-2009:1107",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
},
{
"name" : "RHSA-2009:1108",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
},
{
"name" : "SSA:2009-167-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210"
},
{
"name" : "SUSE-SR:2010:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name" : "USN-786-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-786-1"
},
{
"name" : "USN-787-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-787-1"
},
{
"name" : "35253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35253"
},
{
"name" : "oval:org.mitre.oval:def:10270",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270"
},
{
"name" : "oval:org.mitre.oval:def:12473",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473"
},
{
"name" : "35284",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35284"
},
{
"name" : "35360",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35360"
},
{
"name" : "34724",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34724"
},
{
"name" : "35444",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35444"
},
{
"name" : "35487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35487"
},
{
"name" : "35395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35395"
},
{
"name" : "35565",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35565"
},
{
"name" : "35710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35710"
},
{
"name" : "35843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35843"
},
{
"name" : "35797",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35797"
},
{
"name" : "36473",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36473"
},
{
"name" : "37221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37221"
},
{
"name" : "ADV-2009-1907",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1907"
},
{
"name" : "ADV-2009-3184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name" : "ADV-2010-1107",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35487"
},
{
"name": "DSA-1812",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1812"
},
{
"name": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
},
{
"name": "ADV-2009-1907",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1907"
},
{
"name": "FEDORA-2009-5969",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
},
{
"name": "35444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35444"
},
{
"name": "[apr-dev] 20090602 [PATCH] prevent \"billion laughs\" attack against expat",
"refsource": "MLIST",
"url": "http://marc.info/?l=apr-dev&m=124396021826125&w=2"
},
{
"name": "MDVSA-2009:131",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
},
{
"name": "oval:org.mitre.oval:def:10270",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10270"
},
{
"name": "35360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35360"
},
{
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "[oss-security] 20090603 CVE request: \"billion laughs\" attack against Apache APR",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/06/03/4"
},
{
"name": "35395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35395"
},
{
"name": "PK99478",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
},
{
"name": "20090824 rPSA-2009-0123-1 apr-util",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506053/100/0/threaded"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "35284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35284"
},
{
"name": "PK91241",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
},
{
"name": "36473",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36473"
},
{
"name": "PK88342",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88342"
},
{
"name": "35843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35843"
},
{
"name": "FEDORA-2009-6014",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
},
{
"name": "RHSA-2009:1108",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
},
{
"name": "HPSBUX02612",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name": "oval:org.mitre.oval:def:12473",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12473"
},
{
"name": "35797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35797"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "GLSA-200907-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
},
{
"name": "http://svn.apache.org/viewvc?view=rev&revision=781403",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=rev&revision=781403"
},
{
"name": "FEDORA-2009-6261",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
},
{
"name": "USN-786-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-786-1"
},
{
"name": "34724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34724"
},
{
"name": "37221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37221"
},
{
"name": "35565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35565"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0123",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0123"
},
{
"name": "8842",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8842"
},
{
"name": "SSRT100345",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name": "SSA:2009-167-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "35710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35710"
},
{
"name": "35253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35253"
},
{
"name": "RHSA-2009:1107",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "USN-787-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-787-1"
}
]
}
}

180
2009/1xxx/CVE-2009-1988.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1988",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile Manager component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 19, and 9.0 Bundle 9 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name" : "35696",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35696"
},
{
"name" : "55910",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55910"
},
{
"name" : "1022566",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022566"
},
{
"name" : "35776",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35776"
},
{
"name" : "ADV-2009-1900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name" : "oracle-pse-jdee-pehem-unspecified(51770)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile Manager component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 19, and 9.0 Bundle 9 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35696"
},
{
"name": "55910",
"refsource": "OSVDB",
"url": "http://osvdb.org/55910"
},
{
"name": "35776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35776"
},
{
"name": "ADV-2009-1900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "1022566",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022566"
},
{
"name": "oracle-pse-jdee-pehem-unspecified(51770)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51770"
}
]
}
}

140
2012/2xxx/CVE-2012-2051.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-2051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name" : "GLSA-201308-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml"
},
{
"name" : "oval:org.mitre.oval:def:16394",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16394"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16394",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16394"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
}

34
2012/2xxx/CVE-2012-2079.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2079",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2079",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2012/2xxx/CVE-2012-2225.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2225",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.vulnhunt.com/index.php/2012/01/01/cal-2011-0080/",
"refsource" : "MISC",
"url" : "http://blog.vulnhunt.com/index.php/2012/01/01/cal-2011-0080/"
},
{
"name" : "360zip-file-code-execution(74810)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74810"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "360zip-file-code-execution(74810)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74810"
},
{
"name": "http://blog.vulnhunt.com/index.php/2012/01/01/cal-2011-0080/",
"refsource": "MISC",
"url": "http://blog.vulnhunt.com/index.php/2012/01/01/cal-2011-0080/"
}
]
}
}

130
2012/2xxx/CVE-2012-2282.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2012-2282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120711 ESA-2012-027: EMC Celerra/VNX/VNXe Improper Access Control Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0063.html"
},
{
"name" : "1027242",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027242"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120711 ESA-2012-027: EMC Celerra/VNX/VNXe Improper Access Control Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0063.html"
},
{
"name": "1027242",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027242"
}
]
}
}

200
2012/2xxx/CVE-2012-2300.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"name" : "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name" : "http://drupal.org/node/1547674",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1547674"
},
{
"name" : "http://drupal.org/node/1547506",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1547506"
},
{
"name" : "http://drupal.org/node/1547508",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1547508"
},
{
"name" : "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
},
{
"name" : "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
},
{
"name" : "53251",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53251"
},
{
"name" : "48935",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48935"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120502 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/2"
},
{
"name": "48935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48935"
},
{
"name": "http://drupal.org/node/1547674",
"refsource": "MISC",
"url": "http://drupal.org/node/1547674"
},
{
"name": "http://drupal.org/node/1547508",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1547508"
},
{
"name": "[oss-security] 20120502 CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/03/1"
},
{
"name": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658"
},
{
"name": "53251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53251"
},
{
"name": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8"
},
{
"name": "http://drupal.org/node/1547506",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1547506"
}
]
}
}

180
2012/2xxx/CVE-2012-2449.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2449",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2012-0009.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2012-0009.html"
},
{
"name" : "53369",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53369"
},
{
"name" : "81694",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81694"
},
{
"name" : "oval:org.mitre.oval:def:16863",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16863"
},
{
"name" : "1027019",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027019"
},
{
"name" : "49032",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49032"
},
{
"name" : "vmware-esxserver-floppy-priv-esc(75376)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81694",
"refsource": "OSVDB",
"url": "http://osvdb.org/81694"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2012-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0009.html"
},
{
"name": "oval:org.mitre.oval:def:16863",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16863"
},
{
"name": "49032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49032"
},
{
"name": "53369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53369"
},
{
"name": "vmware-esxserver-floppy-priv-esc(75376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75376"
},
{
"name": "1027019",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027019"
}
]
}
}

190
2012/2xxx/CVE-2012-2962.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20033",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/20033"
},
{
"name" : "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html",
"refsource" : "CONFIRM",
"url" : "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"name" : "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf"
},
{
"name" : "VU#404051",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/404051"
},
{
"name" : "54625",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54625"
},
{
"name" : "84232",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/84232"
},
{
"name" : "50052",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50052"
},
{
"name" : "scrutinizer-statusfilter-sql-injection(77148)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77148"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84232",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/84232"
},
{
"name": "50052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50052"
},
{
"name": "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf",
"refsource": "CONFIRM",
"url": "http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf"
},
{
"name": "54625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54625"
},
{
"name": "20033",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20033"
},
{
"name": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html",
"refsource": "CONFIRM",
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"name": "VU#404051",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/404051"
},
{
"name": "scrutinizer-statusfilter-sql-injection(77148)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77148"
}
]
}
}

140
2012/3xxx/CVE-2012-3154.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.0 allows remote authenticated users to affect confidentiality, related to ATTACH."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "50998",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50998"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.0 allows remote authenticated users to affect confidentiality, related to ATTACH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50998"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2012/3xxx/CVE-2012-3262.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-3262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02815",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03489683"
},
{
"name" : "SSRT100718",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03489683"
},
{
"name" : "SSRT100715",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134825051608877&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1464."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100718",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03489683"
},
{
"name": "SSRT100715",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134825051608877&w=2"
},
{
"name": "HPSBMU02815",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03489683"
}
]
}
}

130
2012/3xxx/CVE-2012-3285.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-3285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02846",
"refsource" : "HP",
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03661318"
},
{
"name" : "SSRT100800",
"refsource" : "HP",
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03661318"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1513."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBST02846",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03661318"
},
{
"name": "SSRT100800",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03661318"
}
]
}
}

130
2012/3xxx/CVE-2012-3886.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120712 security advisory: AirDroid 1.0.4 beta",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html"
},
{
"name" : "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt",
"refsource" : "MISC",
"url" : "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120712 security advisory: AirDroid 1.0.4 beta",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html"
},
{
"name": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt",
"refsource": "MISC",
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt"
}
]
}
}

34
2012/4xxx/CVE-2012-4124.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4124",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-4124",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

160
2012/4xxx/CVE-2012-4472.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/04/5"
},
{
"name" : "http://drupal.org/node/1679442",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1679442"
},
{
"name" : "http://www.opensyscom.fr/Actualites/drupal-modules-drag-a-drop-gallery-arbitrary-file-upload-vulnerability.html",
"refsource" : "MISC",
"url" : "http://www.opensyscom.fr/Actualites/drupal-modules-drag-a-drop-gallery-arbitrary-file-upload-vulnerability.html"
},
{
"name" : "54380",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54380"
},
{
"name" : "49698",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49698"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in upload.php in the Drag & Drop Gallery module 6.x-1.5 and earlier for Drupal allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the directory specified by the filedir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opensyscom.fr/Actualites/drupal-modules-drag-a-drop-gallery-arbitrary-file-upload-vulnerability.html",
"refsource": "MISC",
"url": "http://www.opensyscom.fr/Actualites/drupal-modules-drag-a-drop-gallery-arbitrary-file-upload-vulnerability.html"
},
{
"name": "54380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54380"
},
{
"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/5"
},
{
"name": "49698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49698"
},
{
"name": "http://drupal.org/node/1679442",
"refsource": "MISC",
"url": "http://drupal.org/node/1679442"
}
]
}
}

170
2012/4xxx/CVE-2012-4685.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120403 Arbor Networks Peakflow SP web interface XSS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0019.html"
},
{
"name" : "20120404 Re: Arbor Networks Peakflow SP web interface XSS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0036.html"
},
{
"name" : "20120404 Re: Arbor Networks Peakflow SP web interface XSS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0037.html"
},
{
"name" : "52881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52881"
},
{
"name" : "48728",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48728"
},
{
"name" : "peakflowsp-login-xss(74648)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74648"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52881"
},
{
"name": "peakflowsp-login-xss(74648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74648"
},
{
"name": "20120404 Re: Arbor Networks Peakflow SP web interface XSS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0036.html"
},
{
"name": "20120403 Arbor Networks Peakflow SP web interface XSS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0019.html"
},
{
"name": "20120404 Re: Arbor Networks Peakflow SP web interface XSS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0037.html"
},
{
"name": "48728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48728"
}
]
}
}

34
2012/4xxx/CVE-2012-4986.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4986",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4986",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2012/6xxx/CVE-2012-6495.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name" : "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name" : "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f",
"refsource" : "CONFIRM",
"url" : "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name" : "http://moinmo.in/MoinMoinRelease1.9",
"refsource" : "CONFIRM",
"url" : "http://moinmo.in/MoinMoinRelease1.9"
},
{
"name" : "http://moinmo.in/SecurityFixes",
"refsource" : "CONFIRM",
"url" : "http://moinmo.in/SecurityFixes"
},
{
"name" : "DSA-2593",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2593"
},
{
"name" : "USN-1680-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1680-1"
},
{
"name" : "51696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51696"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moinmo.in/MoinMoinRelease1.9",
"refsource": "CONFIRM",
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1680-1"
}
]
}
}

130
2012/6xxx/CVE-2012-6630.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter to media-library-categories/add.php or (2) q parameter to media-library-categories/view.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/112697/WordPress-Media-Categories-1.1.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112697/WordPress-Media-Categories-1.1.1-Cross-Site-Scripting.html"
},
{
"name" : "49170",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49170"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter to media-library-categories/add.php or (2) q parameter to media-library-categories/view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/112697/WordPress-Media-Categories-1.1.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112697/WordPress-Media-Categories-1.1.1-Cross-Site-Scripting.html"
},
{
"name": "49170",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49170"
}
]
}
}

130
2017/2xxx/CVE-2017-2102.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version" : {
"version_data" : [
{
"version_value" : "V3.0.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version": {
"version_data": [
{
"version_value": "V3.0.0 and earlier"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#39008927",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN39008927/index.html"
},
{
"name" : "96260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96260"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96260"
},
{
"name": "JVN#39008927",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN39008927/index.html"
}
]
}
}

310
2017/2xxx/CVE-2017-2344.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2017-07-12T09:00",
"ID" : "CVE-2017-2344",
"STATE" : "PUBLIC",
"TITLE" : "Junos: Buffer overflow in sockets library"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"platform" : "",
"version_value" : "12.1X46 prior to 12.1X46-D67"
},
{
"platform" : "",
"version_value" : "12.3X48 prior to 12.3X48-D51, 12.3X48-D55"
},
{
"platform" : "",
"version_value" : "13.3 prior to 13.3R10-S2"
},
{
"platform" : "",
"version_value" : "14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9"
},
{
"platform" : "",
"version_value" : "14.1X50 prior to 14.1X50-D185"
},
{
"platform" : "",
"version_value" : "14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50"
},
{
"platform" : "",
"version_value" : "14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8"
},
{
"platform" : "",
"version_value" : "15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7"
},
{
"platform" : "",
"version_value" : "15.1X49 prior to 15.1X49-D100"
},
{
"platform" : "",
"version_value" : "15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70"
},
{
"platform" : "",
"version_value" : "16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5"
},
{
"platform" : "",
"version_value" : "16.2 prior to 16.2R2"
},
{
"platform" : "",
"version_value" : "17.1 prior to 17.1R1-S3, 17.1R2"
},
{
"platform" : "",
"version_value" : "17.2 prior to 17.2R1-S1, 17.2R2"
},
{
"platform" : "",
"version_value" : "17.2X75 prior to 17.2X75-D30"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration" : [],
"credit" : [],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2017-07-12T09:00",
"ID": "CVE-2017-2344",
"STATE": "PUBLIC",
"TITLE": "Junos: Buffer overflow in sockets library"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "",
"version_value": "12.1X46 prior to 12.1X46-D67"
},
{
"platform": "",
"version_value": "12.3X48 prior to 12.3X48-D51, 12.3X48-D55"
},
{
"platform": "",
"version_value": "13.3 prior to 13.3R10-S2"
},
{
"platform": "",
"version_value": "14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9"
},
{
"platform": "",
"version_value": "14.1X50 prior to 14.1X50-D185"
},
{
"platform": "",
"version_value": "14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50"
},
{
"platform": "",
"version_value": "14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8"
},
{
"platform": "",
"version_value": "15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7"
},
{
"platform": "",
"version_value": "15.1X49 prior to 15.1X49-D100"
},
{
"platform": "",
"version_value": "15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70"
},
{
"platform": "",
"version_value": "16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5"
},
{
"platform": "",
"version_value": "16.2 prior to 16.2R2"
},
{
"platform": "",
"version_value": "17.1 prior to 17.1R1-S3, 17.1R2"
},
{
"platform": "",
"version_value": "17.2 prior to 17.2R1-S1, 17.2R2"
},
{
"platform": "",
"version_value": "17.2X75 prior to 17.2X75-D30"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10792",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10792"
},
{
"name" : "99556",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99556"
},
{
"name" : "1038896",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038896"
}
]
},
"solution" : "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D67, 12.3X48-D51, 12.3X48-D55, 13.3R10-S2, 14.1R2-S10, 14.1R8-S4, 14.1R9, 14.1X53-D122, 14.1X53-D45, 14.1X53-D50, 14.2R7-S7, 14.2R8, 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7, 15.1X49-D100, 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70, 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5, 16.2R2, 17.1R1-S3, 17.1R2, 17.2R1-S1, 17.2R2, 17.3R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1282562 and is visible on the Customer Support website.",
"work_around" : [
{
"lang" : "eng",
"value" : "Limit access to the Junos CLI only from trusted hosts and administrators."
}
]
}
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D45, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2; 17.1 prior to 17.1R1-S3, 17.1R2; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038896",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038896"
},
{
"name": "https://kb.juniper.net/JSA10792",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10792"
},
{
"name": "99556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99556"
}
]
},
"solution": "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D67, 12.3X48-D51, 12.3X48-D55, 13.3R10-S2, 14.1R2-S10, 14.1R8-S4, 14.1R9, 14.1X53-D122, 14.1X53-D45, 14.1X53-D50, 14.2R7-S7, 14.2R8, 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7, 15.1X49-D100, 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70, 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5, 16.2R2, 17.1R1-S3, 17.1R2, 17.2R1-S1, 17.2R2, 17.3R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1282562 and is visible on the Customer Support website.",
"work_around": [
{
"lang": "eng",
"value": "Limit access to the Junos CLI only from trusted hosts and administrators."
}
]
}

150
2017/2xxx/CVE-2017-2491.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41964",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41964/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-321",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-321"
},
{
"name" : "https://support.apple.com/en-us/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/en-us/HT207617"
},
{
"name" : "98316",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/en-us/HT207617"
},
{
"name": "41964",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41964/"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-17-321",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-321"
},
{
"name": "98316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98316"
}
]
}
}

142
2017/2xxx/CVE-2017-2834.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-07-24T00:00:00",
"ID" : "CVE-2017-2834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FreeRDP",
"version" : {
"version_data" : [
{
"version_value" : "2.0.0-beta1+android11 - Windows, OSX, Linux"
}
]
}
}
]
},
"vendor_name" : "FreeRDP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-07-24T00:00:00",
"ID": "CVE-2017-2834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeRDP",
"version": {
"version_data": [
{
"version_value": "2.0.0-beta1+android11 - Windows, OSX, Linux"
}
]
}
}
]
},
"vendor_name": "FreeRDP"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336"
},
{
"name" : "DSA-3923",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3923"
},
{
"name" : "99942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99942"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99942"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336"
},
{
"name": "DSA-3923",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3923"
}
]
}
}

34
2017/6xxx/CVE-2017-6583.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6583",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6583",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/11xxx/CVE-2018-11127.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "e107 2.1.7 has CSRF resulting in arbitrary user deletion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/e107inc/e107/issues/3128",
"refsource" : "MISC",
"url" : "https://github.com/e107inc/e107/issues/3128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "e107 2.1.7 has CSRF resulting in arbitrary user deletion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/e107inc/e107/issues/3128",
"refsource": "MISC",
"url": "https://github.com/e107inc/e107/issues/3128"
}
]
}
}

34
2018/11xxx/CVE-2018-11755.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11755",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11755",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/11xxx/CVE-2018-11934.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11934",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11934",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/14xxx/CVE-2018-14471.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/LibreDWG/libredwg/issues/32",
"refsource" : "MISC",
"url" : "https://github.com/LibreDWG/libredwg/issues/32"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LibreDWG/libredwg/issues/32",
"refsource": "MISC",
"url": "https://github.com/LibreDWG/libredwg/issues/32"
}
]
}
}

135
2018/14xxx/CVE-2018-14616.json
View File

@ -1,67 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14616",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200465",
"refsource" : "MISC",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200465"
},
{
"name" : "104917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104917"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200465",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200465"
},
{
"name": "104917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104917"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html"
}
]
}
}

34
2018/14xxx/CVE-2018-14868.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14868",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14868",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15037.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15037",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15037",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15070.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15070",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15070",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15078.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15078",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15078",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2018/15xxx/CVE-2018-15910.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15910",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
},
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880",
"refsource" : "MISC",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880"
},
{
"name" : "https://www.kb.cert.org/vuls/id/332928",
"refsource" : "MISC",
"url" : "https://www.kb.cert.org/vuls/id/332928"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699656",
"refsource" : "MISC",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699656"
},
{
"name" : "DSA-4288",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4288"
},
{
"name" : "GLSA-201811-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-12"
},
{
"name" : "RHSA-2018:2918",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2918"
},
{
"name" : "USN-3768-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3768-1/"
},
{
"name" : "105122",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105122"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2918",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2918"
},
{
"name": "GLSA-201811-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-12"
},
{
"name": "USN-3768-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3768-1/"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880",
"refsource": "MISC",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=699656",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=699656"
},
{
"name": "https://www.kb.cert.org/vuls/id/332928",
"refsource": "MISC",
"url": "https://www.kb.cert.org/vuls/id/332928"
},
{
"name": "DSA-4288",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4288"
},
{
"name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
},
{
"name": "105122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105122"
}
]
}
}

140
2018/15xxx/CVE-2018-15944.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader",
"version" : {
"version_data" : [
{
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds write"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader",
"version": {
"version_data": [
{
"version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name" : "105432",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105432"
},
{
"name" : "1041809",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name": "105432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105432"
}
]
}
}

120
2018/20xxx/CVE-2018-20376.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00013.html",
"refsource" : "MISC",
"url" : "https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00013.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00013.html",
"refsource": "MISC",
"url": "https://lists.nongnu.org/archive/html/tinycc-devel/2018-12/msg00013.html"
}
]
}
}

120
2018/20xxx/CVE-2018-20567.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in DouCo DouPHP 1.5 20181221. \\install\\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#reloadapplication",
"refsource" : "MISC",
"url" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#reloadapplication"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in DouCo DouPHP 1.5 20181221. \\install\\index.php allows a reload of the product in opportunistic circumstances in which install.lock cannot be read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#reloadapplication",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#reloadapplication"
}
]
}
}

208
2018/8xxx/CVE-2018-8037.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-07-22T00:00:00",
"ID" : "CVE-2018-8037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Tomcat",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.M9 to 9.0.9"
},
{
"version_value" : "8.5.5 to 8.5.31"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-22T00:00:00",
"ID": "CVE-2018-8037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_value": "9.0.0.M9 to 9.0.9"
},
{
"version_value": "8.5.5 to 8.5.31"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[www-announce] 20180722 [SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure",
"refsource" : "MLIST",
"url" : "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E"
},
{
"name" : "[www-announce] 20180809 [UPDATE][SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure",
"refsource" : "MLIST",
"url" : "http://mail-archives.us.apache.org/mod_mbox/www-announce/201808.mbox/%3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa33%40apache.org%3E"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180817-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180817-0001/"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "DSA-4281",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4281"
},
{
"name" : "RHSA-2018:2867",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2867"
},
{
"name" : "RHSA-2018:2868",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2868"
},
{
"name" : "104894",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104894"
},
{
"name" : "1041376",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[www-announce] 20180722 [SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure",
"refsource": "MLIST",
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E"
},
{
"name": "1041376",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041376"
},
{
"name": "104894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104894"
},
{
"name": "DSA-4281",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4281"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180817-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180817-0001/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "[www-announce] 20180809 [UPDATE][SECURITY] CVE-2018-8037 Apache Tomcat - Information Disclosure",
"refsource": "MLIST",
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201808.mbox/%3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa33%40apache.org%3E"
},
{
"name": "RHSA-2018:2867",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2867"
},
{
"name": "RHSA-2018:2868",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2868"
}
]
}
}