admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:30:08 +00:00
parent b562af75ae
commit 69a76e9b40
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3559 additions and 3559 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

398
2004/0xxx/CVE-2004-0112.json
View File

@ -1,202 +1,202 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0112", "ID": "CVE-2004-0112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107953412903636&w=2" "lang": "eng",
}, "value": "The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read."
{ }
"name" : "http://www.openssl.org/news/secadv_20040317.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.openssl.org/news/secadv_20040317.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.uniras.gov.uk/vuls/2004/224012/index.htm", "description": [
"refsource" : "MISC", {
"url" : "http://www.uniras.gov.uk/vuls/2004/224012/index.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2005-08-15", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2005-08-17", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" "name": "9899",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/9899"
"name" : "20040317 Cisco OpenSSL Implementation Vulnerability", },
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml" "name": "SSRT4717",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=108403806509920&w=2"
"name" : "CLA-2004:834", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834" "name": "RHSA-2004:121",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-121.html"
"name" : "GLSA-200403-03", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200403-03.xml" "name": "MDKSA-2004:023",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023"
"name" : "MDKSA-2004:023", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:023" "name": "CLA-2004:834",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834"
"name" : "NetBSD-SA2004-005", },
"refsource" : "NETBSD", {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc" "name": "SCOSA-2004.10",
}, "refsource": "SCO",
{ "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt"
"name" : "RHSA-2004:120", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-120.html" "name": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm",
}, "refsource": "MISC",
{ "url": "http://www.uniras.gov.uk/vuls/2004/224012/index.htm"
"name" : "RHSA-2004:121", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-121.html" "name": "57524",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524"
"name" : "SCOSA-2004.10", },
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt" "name": "SuSE-SA:2004:007",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2004_07_openssl.html"
"name" : "SSA:2004-077", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961" "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
}, "refsource": "CONFIRM",
{ "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
"name" : "SuSE-SA:2004:007", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2004_07_openssl.html" "name": "http://www.openssl.org/news/secadv_20040317.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.openssl.org/news/secadv_20040317.txt"
"name" : "57524", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57524" "name": "NetBSD-SA2004-005",
}, "refsource": "NETBSD",
{ "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc"
"name" : "2004-0012", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2004/0012" "name": "O-101",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/o-101.shtml"
"name" : "SSRT4717", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=108403806509920&w=2" "name": "TA04-078A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA04-078A.html"
"name" : "http://docs.info.apple.com/article.html?artnum=61798", },
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=61798" "name": "oval:org.mitre.oval:def:1049",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049"
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html", },
"refsource" : "CONFIRM", {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html" "name": "openssl-kerberos-ciphersuites-dos(15508)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508"
"name" : "TA04-078A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-078A.html" "name": "VU#484726",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/484726"
"name" : "VU#484726", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/484726" "name": "GLSA-200403-03",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200403-03.xml"
"name" : "O-101", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/o-101.shtml" "name": "oval:org.mitre.oval:def:9580",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580"
"name" : "9899", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9899" "name": "11139",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11139"
"name" : "oval:org.mitre.oval:def:1049", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1049" "name": "RHSA-2004:120",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-120.html"
"name" : "oval:org.mitre.oval:def:928", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928" "name": "20040317 New OpenSSL releases fix denial of service attacks [17 March 2004]",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=107953412903636&w=2"
"name" : "oval:org.mitre.oval:def:9580", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580" "name": "APPLE-SA-2005-08-15",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
"name" : "11139", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11139" "name": "SSA:2004-077",
}, "refsource": "SLACKWARE",
{ "url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.455961"
"name" : "openssl-kerberos-ciphersuites-dos(15508)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15508" "name": "2004-0012",
} "refsource": "TRUSTIX",
] "url": "http://www.trustix.org/errata/2004/0012"
} },
{
"name": "20040317 Cisco OpenSSL Implementation Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=61798",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:928",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928"
}
]
}
} }

148
2004/0xxx/CVE-2004-0335.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0335", "ID": "CVE-2004-0335",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LAN SUITE Web Mail 602Pro, when configured to use the \"Directory browsing\" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107799540630302&w=2" "lang": "eng",
}, "value": "LAN SUITE Web Mail 602Pro, when configured to use the \"Directory browsing\" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/."
{ }
"name" : "20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "602pro-directory-listing(15349)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15349" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "9780", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/9780" ]
} },
] "references": {
} "reference_data": [
{
"name": "20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html"
},
{
"name": "9780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9780"
},
{
"name": "602pro-directory-listing(15349)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15349"
},
{
"name": "20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107799540630302&w=2"
}
]
}
} }

148
2004/0xxx/CVE-2004-0340.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0340", "ID": "CVE-2004-0340",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040228 Critical WFTPD buffer overflow vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107801208004699&w=2" "lang": "eng",
}, "value": "Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands."
{ }
"name" : "9767", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9767" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11001", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11001" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "wftpd-ftp-commands-bo(15340)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15340" ]
} },
] "references": {
} "reference_data": [
{
"name": "wftpd-ftp-commands-bo(15340)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15340"
},
{
"name": "11001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11001"
},
{
"name": "20040228 Critical WFTPD buffer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107801208004699&w=2"
},
{
"name": "9767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9767"
}
]
}
} }

148
2004/0xxx/CVE-2004-0517.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0517", "ID": "CVE-2004-0517",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Mac OS X 10.3.4, related to \"handling of process IDs during package installation,\" a different vulnerability than CVE-2004-0516."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2004-05-28", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.seifried.org/pipermail/security/2004-May/003743.html" "lang": "eng",
}, "value": "Unknown vulnerability in Mac OS X 10.3.4, related to \"handling of process IDs during package installation,\" a different vulnerability than CVE-2004-0516."
{ }
"name" : "10432", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10432" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1010331", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1010331" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "macosx-package-installation(16290)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16290" ]
} },
] "references": {
} "reference_data": [
{
"name": "1010331",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010331"
},
{
"name": "APPLE-SA-2004-05-28",
"refsource": "APPLE",
"url": "http://lists.seifried.org/pipermail/security/2004-May/003743.html"
},
{
"name": "macosx-package-installation(16290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16290"
},
{
"name": "10432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10432"
}
]
}
} }

148
2004/0xxx/CVE-2004-0711.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0711", "ID": "CVE-2004-0711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in \"*\" as wildcards as if they were the legal \"/*\" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#184558", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/184558" "lang": "eng",
}, "value": "The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in \"*\" as wildcards as if they were the legal \"/*\" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected."
{ }
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp", ]
"refsource" : "CONFIRM", },
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "weblogic-urlpattern-obtain-information(15927)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15927" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "10184", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/10184" ]
} },
] "references": {
} "reference_data": [
{
"name": "10184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10184"
},
{
"name": "VU#184558",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/184558"
},
{
"name": "weblogic-urlpattern-obtain-information(15927)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15927"
},
{
"name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp",
"refsource": "CONFIRM",
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_56.00.jsp"
}
]
}
} }

208
2004/0xxx/CVE-2004-0975.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0975", "ID": "CVE-2004-0975",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-603", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-603" "lang": "eng",
}, "value": "The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files."
{ }
"name" : "GLSA-200411-15", ]
"refsource" : "GENTOO", },
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2005:476", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-476.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2004-0050", ]
"refsource" : "TRUSTIX", }
"url" : "http://www.trustix.org/errata/2004/0050" ]
}, },
{ "references": {
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302" "name": "GLSA-200411-15",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
"name" : "11293", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11293" "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302"
"name" : "oval:org.mitre.oval:def:164", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164" "name": "script-temporary-file-overwrite(17583)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
"name" : "oval:org.mitre.oval:def:10621", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621" "name": "2004-0050",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2004/0050"
"name" : "12973", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12973" "name": "oval:org.mitre.oval:def:164",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A164"
"name" : "script-temporary-file-overwrite(17583)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" "name": "DSA-603",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2004/dsa-603"
} },
{
"name": "RHSA-2005:476",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-476.html"
},
{
"name": "11293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11293"
},
{
"name": "oval:org.mitre.oval:def:10621",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10621"
},
{
"name": "12973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12973"
}
]
}
} }

178
2004/1xxx/CVE-2004-1076.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1076", "ID": "CVE-2004-1076",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041125 Atari800 - local root.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110142899319841&w=2" "lang": "eng",
}, "value": "Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file."
{ }
"name" : "20041126 Re: Atari800 - local root. (fwd)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=110149441815270&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-609", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-609" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://cvs.sourceforge.net/viewcvs.py/atari800/atari800/DOC/ChangeLog?view=markup", ]
"refsource" : "CONFIRM", }
"url" : "http://cvs.sourceforge.net/viewcvs.py/atari800/atari800/DOC/ChangeLog?view=markup" ]
}, },
{ "references": {
"name" : "11756", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11756" "name": "13670",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/13670/"
"name" : "12610", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/12610" "name": "20041126 Re: Atari800 - local root. (fwd)",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=110149441815270&w=2"
"name" : "13670", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13670/" "name": "DSA-609",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2004/dsa-609"
} },
{
"name": "12610",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12610"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/atari800/atari800/DOC/ChangeLog?view=markup",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/atari800/atari800/DOC/ChangeLog?view=markup"
},
{
"name": "11756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11756"
},
{
"name": "20041125 Atari800 - local root.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110142899319841&w=2"
}
]
}
} }

148
2004/1xxx/CVE-2004-1212.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1212", "ID": "CVE-2004-1212",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041202 Blog Torrent preview 0.8 - arbitary file download", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110200971917165&w=2" "lang": "eng",
}, "value": "Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument."
{ }
"name" : "http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2=1.7", ]
"refsource" : "CONFIRM", },
"url" : "http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2=1.7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11795", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11795" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "blogtorrent-btdownloadphp-dir-traversal(18356)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18356" ]
} },
] "references": {
} "reference_data": [
{
"name": "11795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11795"
},
{
"name": "blogtorrent-btdownloadphp-dir-traversal(18356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18356"
},
{
"name": "20041202 Blog Torrent preview 0.8 - arbitary file download",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110200971917165&w=2"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2=1.7",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/battletorrent/btorrent_server/btdownload.php?r1=1.6&r2=1.7"
}
]
}
} }

128
2004/1xxx/CVE-2004-1289.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1289", "ID": "CVE-2004-1289",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tigger.uic.edu/~jlongs2/holes/pcal.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://tigger.uic.edu/~jlongs2/holes/pcal.txt" "lang": "eng",
}, "value": "Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file."
{ }
"name" : "pcal-getline-pcalutil-bo(18552)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18552" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tigger.uic.edu/~jlongs2/holes/pcal.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/pcal.txt"
},
{
"name": "pcal-getline-pcalutil-bo(18552)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18552"
}
]
}
} }

168
2004/1xxx/CVE-2004-1391.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1391", "ID": "CVE-2004-1391",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040903 [RLSA_01-2004] QNX PPPoEd local root vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0155.html" "lang": "eng",
}, "value": "Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program."
{ }
"name" : "http://www.rfdslabs.com.br/qnx-advs-01-2004.txt", ]
"refsource" : "MISC", },
"url" : "http://www.rfdslabs.com.br/qnx-advs-01-2004.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#577566", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/577566" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11105", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/11105" ]
}, },
{ "references": {
"name" : "9661", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/9661" "name": "http://www.rfdslabs.com.br/qnx-advs-01-2004.txt",
}, "refsource": "MISC",
{ "url": "http://www.rfdslabs.com.br/qnx-advs-01-2004.txt"
"name" : "qnx-rtp-mount-command-execute(17284)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17284" "name": "11105",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/11105"
} },
{
"name": "9661",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9661"
},
{
"name": "qnx-rtp-mount-command-execute(17284)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17284"
},
{
"name": "20040903 [RLSA_01-2004] QNX PPPoEd local root vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0155.html"
},
{
"name": "VU#577566",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/577566"
}
]
}
} }

138
2004/1xxx/CVE-2004-1586.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1586", "ID": "CVE-2004-1586",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Flash Messaging clients can ignore disconnecting commands such as \"shutdown\" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041007 Server crash in Flash Messaging 5.2.0g", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109716787607302&w=2" "lang": "eng",
}, "value": "Flash Messaging clients can ignore disconnecting commands such as \"shutdown\" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected."
{ }
"name" : "1011569", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1011569" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12759", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12759/" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20041007 Server crash in Flash Messaging 5.2.0g",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109716787607302&w=2"
},
{
"name": "1011569",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011569"
},
{
"name": "12759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12759/"
}
]
}
} }

158
2004/1xxx/CVE-2004-1865.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1865", "ID": "CVE-2004-1865",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040326 bblog 0.7.2 cross site scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108034226717745&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability."
{ }
"name" : "13397", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/13397" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10510", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/10510" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1009564", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1009564" ]
}, },
{ "references": {
"name" : "bblog-name-xss(15635)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15635" "name": "bblog-name-xss(15635)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15635"
} },
{
"name": "1009564",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009564"
},
{
"name": "10510",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10510"
},
{
"name": "13397",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13397"
},
{
"name": "20040326 bblog 0.7.2 cross site scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108034226717745&w=2"
}
]
}
} }

158
2008/2xxx/CVE-2008-2024.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2024", "ID": "CVE-2008-2024",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5494", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5494" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, and possibly earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the glang[] parameter in a registernew action."
{ }
"name" : "http://www.minibb.net/forums/9_5110_0.html", ]
"refsource" : "MISC", },
"url" : "http://www.minibb.net/forums/9_5110_0.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28930", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28930" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29997", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/29997" ]
}, },
{ "references": {
"name" : "minibb-glang-xss(42013)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42013" "name": "28930",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/28930"
} },
{
"name": "29997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29997"
},
{
"name": "5494",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5494"
},
{
"name": "minibb-glang-xss(42013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42013"
},
{
"name": "http://www.minibb.net/forums/9_5110_0.html",
"refsource": "MISC",
"url": "http://www.minibb.net/forums/9_5110_0.html"
}
]
}
} }

168
2008/2xxx/CVE-2008-2625.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2625", "ID": "CVE-2008-2625",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081019 CVE-2008-2625: Oracle DBMS ? Proxy Authentication Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/497539/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-2825", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2825" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1021050", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1021050" ]
}, },
{ "references": {
"name" : "32291", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32291" "name": "20081019 CVE-2008-2625: Oracle DBMS ? Proxy Authentication Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/497539/100/0/threaded"
"name" : "oracle-db-corerdbms-unauth-access(45880)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45880" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"
} },
{
"name": "oracle-db-corerdbms-unauth-access(45880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45880"
},
{
"name": "32291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32291"
},
{
"name": "1021050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021050"
},
{
"name": "ADV-2008-2825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2825"
}
]
}
} }

188
2008/3xxx/CVE-2008-3010.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-3010", "ID": "CVE-2008-3010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka \"ISATAP Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS08-076", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076" "lang": "eng",
}, "value": "Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka \"ISATAP Vulnerability.\""
{ }
"name" : "TA08-344A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32654", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32654" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:5689", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5689" ]
}, },
{ "references": {
"name" : "33058", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33058" "name": "1021374",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021374"
"name" : "ADV-2008-3388", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3388" "name": "oval:org.mitre.oval:def:5689",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5689"
"name" : "1021374", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021374" "name": "TA08-344A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
"name" : "1021375", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021375" "name": "1021375",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1021375"
} },
{
"name": "33058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33058"
},
{
"name": "ADV-2008-3388",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3388"
},
{
"name": "32654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32654"
},
{
"name": "MS08-076",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-076"
}
]
}
} }

178
2008/3xxx/CVE-2008-3734.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3734", "ID": "CVE-2008-3734",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6257", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6257" "lang": "eng",
}, "value": "Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response)."
{ }
"name" : "30720", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30720" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1020713", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020713" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020714", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1020714" ]
}, },
{ "references": {
"name" : "31504", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31504" "name": "6257",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/6257"
"name" : "4173", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4173" "name": "1020713",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020713"
"name" : "wsftp-response-format-string(44512)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44512" "name": "4173",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4173"
} },
{
"name": "wsftp-response-format-string(44512)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44512"
},
{
"name": "1020714",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020714"
},
{
"name": "30720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30720"
},
{
"name": "31504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31504"
}
]
}
} }

208
2008/3xxx/CVE-2008-3800.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2008-3800", "ID": "CVE-2008-3800",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml" "lang": "eng",
}, "value": "Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802."
{ }
"name" : "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31367", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31367" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:6086", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086" ]
}, },
{ "references": {
"name" : "1020942", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020942" "name": "31990",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31990"
"name" : "1020939", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020939" "name": "31367",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31367"
"name" : "ADV-2008-2670", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2670" "name": "oval:org.mitre.oval:def:6086",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6086"
"name" : "ADV-2008-2671", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2671" "name": "32013",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32013"
"name" : "31990", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31990" "name": "ADV-2008-2670",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2670"
"name" : "32013", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32013" "name": "ADV-2008-2671",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/2671"
} },
{
"name": "20080924 Multiple Cisco IOS Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a01562.shtml"
},
{
"name": "1020942",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020942"
},
{
"name": "1020939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020939"
},
{
"name": "20080924 Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0156a.shtml"
}
]
}
} }

178
2008/3xxx/CVE-2008-3971.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3971", "ID": "CVE-2008-3971",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20080906 CVE id requests: gmanedit", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/09/06/2" "lang": "eng",
}, "value": "Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries."
{ }
"name" : "[oss-security] 20080909 Re: CVE id requests: gmanedit", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2008/09/09/13" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20080909 Re: CVE id requests: gmanedit", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/09/09/19" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835", ]
"refsource" : "CONFIRM", }
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835" ]
}, },
{ "references": {
"name" : "31040", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31040" "name": "[oss-security] 20080906 CVE id requests: gmanedit",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2008/09/06/2"
"name" : "gmanedit-readconffromfile-bo(44962)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44962" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835"
"name" : "gmanedit-glocaletoutf8-bo(44963)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44963" "name": "[oss-security] 20080909 Re: CVE id requests: gmanedit",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2008/09/09/19"
} },
{
"name": "gmanedit-glocaletoutf8-bo(44963)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44963"
},
{
"name": "gmanedit-readconffromfile-bo(44962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44962"
},
{
"name": "[oss-security] 20080909 Re: CVE id requests: gmanedit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/09/09/13"
},
{
"name": "31040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31040"
}
]
}
} }

158
2008/6xxx/CVE-2008-6118.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6118", "ID": "CVE-2008-6118",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7205", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7205" "lang": "eng",
}, "value": "win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1."
{ }
"name" : "32437", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32437" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32819", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32819" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-3235", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/3235" ]
}, },
{ "references": {
"name" : "gooplecms-upload-security-bypass(46799)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46799" "name": "ADV-2008-3235",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/3235"
} },
{
"name": "gooplecms-upload-security-bypass(46799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46799"
},
{
"name": "32819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32819"
},
{
"name": "32437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32437"
},
{
"name": "7205",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7205"
}
]
}
} }

158
2008/6xxx/CVE-2008-6430.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6430", "ID": "CVE-2008-6430",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5714", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5714" "lang": "eng",
}, "value": "SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php."
{ }
"name" : "29468", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29468" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "45852", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/45852" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30490", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30490" ]
}, },
{ "references": {
"name" : "mycontent-index-sql-injection(42783)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42783" "name": "30490",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30490"
} },
{
"name": "5714",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5714"
},
{
"name": "29468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29468"
},
{
"name": "mycontent-index-sql-injection(42783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42783"
},
{
"name": "45852",
"refsource": "OSVDB",
"url": "http://osvdb.org/45852"
}
]
}
} }

138
2008/6xxx/CVE-2008-6640.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6640", "ID": "CVE-2008-6640",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/bid/29057/exploit", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securityfocus.com/bid/29057/exploit" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "29057", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29057" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "batmanportal-id-sql-injection(42231)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42231" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "batmanportal-id-sql-injection(42231)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42231"
},
{
"name": "http://www.securityfocus.com/bid/29057/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/29057/exploit"
},
{
"name": "29057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29057"
}
]
}
} }

158
2008/6xxx/CVE-2008-6653.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6653", "ID": "CVE-2008-6653",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5527", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5527" "lang": "eng",
}, "value": "SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php."
{ }
"name" : "http://forum.wh-com.de/index.php?topic=497.0", ]
"refsource" : "CONFIRM", },
"url" : "http://forum.wh-com.de/index.php?topic=497.0" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29000", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29000" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "50423", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/50423" ]
}, },
{ "references": {
"name" : "webhosting-catid-sql-injection(42124)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42124" "name": "50423",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/50423"
} },
{
"name": "5527",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5527"
},
{
"name": "29000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29000"
},
{
"name": "http://forum.wh-com.de/index.php?topic=497.0",
"refsource": "CONFIRM",
"url": "http://forum.wh-com.de/index.php?topic=497.0"
},
{
"name": "webhosting-catid-sql-injection(42124)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42124"
}
]
}
} }

148
2008/6xxx/CVE-2008-6874.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6874", "ID": "CVE-2008-6874",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7463", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7463" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp."
{ }
"name" : "32812", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32812" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23572", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23572" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "autodealer-type-sql-injection(47365)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47365" ]
} },
] "references": {
} "reference_data": [
{
"name": "autodealer-type-sql-injection(47365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47365"
},
{
"name": "7463",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7463"
},
{
"name": "23572",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23572"
},
{
"name": "32812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32812"
}
]
}
} }

188
2013/2xxx/CVE-2013-2223.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2223", "ID": "CVE-2013-2223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130630 Re: CVE request: Multiple issues in GNU ZRTPCPP", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2013/q2/638" "lang": "eng",
}, "value": "GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by the getEpHash function."
{ }
"name" : "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html", ]
"refsource" : "MISC", },
"url" : "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201309-13", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-201309-13.xml" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1599", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00052.html" "name": "openSUSE-SU-2013:1600",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00053.html"
"name" : "openSUSE-SU-2013:1600", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00053.html" "name": "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/wernerd/ZRTPCPP/commit/4654f330317c9948bb61d138eb24d49690ca4637"
"name" : "53818", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53818" "name": "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html",
}, "refsource": "MISC",
{ "url": "http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html"
"name" : "54998", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54998" "name": "54998",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/54998"
} },
{
"name": "openSUSE-SU-2013:1599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00052.html"
},
{
"name": "GLSA-201309-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-13.xml"
},
{
"name": "[oss-security] 20130630 Re: CVE request: Multiple issues in GNU ZRTPCPP",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q2/638"
},
{
"name": "53818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53818"
}
]
}
} }

32
2013/2xxx/CVE-2013-2252.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2252", "ID": "CVE-2013-2252",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2013/2xxx/CVE-2013-2834.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2834", "ID": "CVE-2013-2834",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git;a=commit;h=9181705680e1f53fd1e895ebe84c1b7f18c5c380", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git;a=commit;h=9181705680e1f53fd1e895ebe84c1b7f18c5c380" "lang": "eng",
}, "value": "Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835."
{ }
"name" : "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://code.google.com/p/chromium/issues/detail?id=227158", "description": [
"refsource" : "CONFIRM", {
"url" : "https://code.google.com/p/chromium/issues/detail?id=227158" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=227158",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=227158"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/04/stable-channel-update-for-chrome-os.html"
},
{
"name": "http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git;a=commit;h=9181705680e1f53fd1e895ebe84c1b7f18c5c380",
"refsource": "CONFIRM",
"url": "http://git.chromium.org/gitweb/?p=chromiumos/overlays/chromiumos-overlay.git;a=commit;h=9181705680e1f53fd1e895ebe84c1b7f18c5c380"
}
]
}
} }

128
2013/2xxx/CVE-2013-2982.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-2982", "ID": "CVE-2013-2982",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" "lang": "eng",
}, "value": "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors."
{ }
"name" : "sterling-b2b-cve20132982-upload(83997)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83997" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sterling-b2b-cve20132982-upload(83997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83997"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830"
}
]
}
} }

158
2017/11xxx/CVE-2017-11257.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00", "DATE_PUBLIC": "2017-08-08T00:00:00",
"ID" : "CVE-2017-11257", "ID": "CVE-2017-11257",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Acrobat Reader", "product_name": "Acrobat Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2017.009.20058 and earlier" "version_value": "2017.009.20058 and earlier"
}, },
{ {
"version_value" : "2017.008.30051 and earlier" "version_value": "2017.008.30051 and earlier"
}, },
{ {
"version_value" : "2015.006.30306 and earlier" "version_value": "2015.006.30306 and earlier"
}, },
{ {
"version_value" : "11.0.20 and earlier" "version_value": "11.0.20 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe Systems Incorporated" "vendor_name": "Adobe Systems Incorporated"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Type Confusion"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html" "lang": "eng",
}, "value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "100181", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100181" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039098", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039098" "lang": "eng",
} "value": "Type Confusion"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name": "100181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100181"
},
{
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
}
]
}
} }

128
2017/14xxx/CVE-2017-14091.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@trendmicro.com", "ASSIGNER": "security@trendmicro.com",
"ID" : "CVE-2017-14091", "ID": "CVE-2017-14091",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trend Micro ScanMail for Exchange", "product_name": "Trend Micro ScanMail for Exchange",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.0" "version_value": "12.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Trend Micro" "vendor_name": "Trend Micro"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Permissions"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities" "lang": "eng",
}, "value": "A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which certain specific installations that utilize a uncommon feature - Other Update Sources - could be exploited to overwrite sensitive files in the ScanMail for Exchange directory."
{ }
"name" : "https://success.trendmicro.com/solution/1118486", ]
"refsource" : "CONFIRM", },
"url" : "https://success.trendmicro.com/solution/1118486" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/1118486",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1118486"
},
{
"name": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/trend-micro-scanmail-microsoft-exchange-multiple-vulnerabilities"
}
]
}
} }

120
2017/14xxx/CVE-2017-14469.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-03-28T00:00:00", "DATE_PUBLIC": "2018-03-28T00:00:00",
"ID" : "CVE-2017-14469", "ID": "CVE-2017-14469",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Allen Bradley", "product_name": "Allen Bradley",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15" "version_value": "Allen Bradley Micrologix 1400 Series B FRN 21.2, Allen Bradley Micrologix 1400 Series B FRN 21.0, Allen Bradley Micrologix 1400 Series B FRN 15"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Talos" "vendor_name": "Talos"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443" "lang": "eng",
} "value": "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443"
}
]
}
} }

32
2017/15xxx/CVE-2017-15167.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15167", "ID": "CVE-2017-15167",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/15xxx/CVE-2017-15845.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00", "DATE_PUBLIC": "2018-01-02T00:00:00",
"ID" : "CVE-2017-15845", "ID": "CVE-2017-15845",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer Underflow in WLAN"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" "lang": "eng",
} "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Underflow in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}
]
}
} }

32
2017/8xxx/CVE-2017-8331.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8331", "ID": "CVE-2017-8331",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2017/9xxx/CVE-2017-9165.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9165", "ID": "CVE-2017-9165",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" "lang": "eng",
} "value": "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
}
]
}
} }

118
2017/9xxx/CVE-2017-9573.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9573", "ID": "CVE-2017-9573",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" "lang": "eng",
} "value": "The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
]
}
} }

138
2017/9xxx/CVE-2017-9856.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9856", "ID": "CVE-2017-9856",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are \"encrypted\" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://horusscenario.com/CVE-information/", "description_data": [
"refsource" : "MISC", {
"url" : "https://horusscenario.com/CVE-information/" "lang": "eng",
}, "value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are \"encrypted\" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
{ }
"name" : "http://www.sma.de/en/statement-on-cyber-security.html", ]
"refsource" : "MISC", },
"url" : "http://www.sma.de/en/statement-on-cyber-security.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
} }

132
2018/1000xxx/CVE-2018-1000426.json
View File

@ -1,69 +1,69 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-12-28T04:34:37.686723", "DATE_ASSIGNED": "2018-12-28T04:34:37.686723",
"ID" : "CVE-2018-1000426", "ID": "CVE-2018-1000426",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Git Changelog Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.6 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122" "lang": "eng",
}, "value": "A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages."
{ }
"name" : "106532", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106532" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106532"
},
{
"name": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-09-25/#SECURITY-1122"
}
]
}
} }

32
2018/12xxx/CVE-2018-12119.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12119", "ID": "CVE-2018-12119",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

370
2018/12xxx/CVE-2018-12364.json
View File

@ -1,188 +1,188 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2018-12364", "ID": "CVE-2018-12364",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Thunderbird", "product_name": "Thunderbird",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "60" "version_value": "60"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.9" "version_value": "52.9"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox ESR", "product_name": "Firefox ESR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "60.1" "version_value": "60.1"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.9" "version_value": "52.9"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "61" "version_value": "61"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CSRF attacks through 307 redirects and NPAPI plugins"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html" "lang": "eng",
}, "value": "NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
{ }
"name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1436241", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1436241" "lang": "eng",
}, "value": "CSRF attacks through 307 redirects and NPAPI plugins"
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-15/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-15/" ]
}, },
{ "references": {
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-16/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-16/" "name": "GLSA-201810-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201810-01"
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-17/", },
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-17/" "name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-18/", },
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-18/" "name": "RHSA-2018:2112",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2112"
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-19/", },
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-19/" "name": "GLSA-201811-13",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201811-13"
"name" : "DSA-4235", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4235" "name": "DSA-4235",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4235"
"name" : "DSA-4244", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4244" "name": "https://www.mozilla.org/security/advisories/mfsa2018-18/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
"name" : "GLSA-201810-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201810-01" "name": "RHSA-2018:2113",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2113"
"name" : "GLSA-201811-13", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201811-13" "name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
"name" : "RHSA-2018:2112", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2112" "name": "DSA-4244",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4244"
"name" : "RHSA-2018:2113", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2113" "name": "104560",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/104560"
"name" : "RHSA-2018:2251", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2251" "name": "1041193",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1041193"
"name" : "RHSA-2018:2252", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2252" "name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
"name" : "USN-3705-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3705-1/" "name": "RHSA-2018:2252",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2252"
"name" : "USN-3714-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3714-1/" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1436241",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1436241"
"name" : "104560", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104560" "name": "https://www.mozilla.org/security/advisories/mfsa2018-17/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
"name" : "1041193", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041193" "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
} "refsource": "MLIST",
] "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
} },
{
"name": "RHSA-2018:2251",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"name": "USN-3705-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "USN-3714-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3714-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
]
}
} }

128
2018/12xxx/CVE-2018-12579.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12579", "ID": "CVE-2018-12579",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.oxid-esales.com/view.php?id=6818", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.oxid-esales.com/view.php?id=6818" "lang": "eng",
}, "value": "An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0. An attacker could gain access to the admin panel or a customer account when using the password reset function. To do so, it is required to own a domain name similar to the one the victim uses for their e-mail accounts."
{ }
"name" : "https://oxidforge.org/en/security-bulletin-2018-002.html", ]
"refsource" : "CONFIRM", },
"url" : "https://oxidforge.org/en/security-bulletin-2018-002.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.oxid-esales.com/view.php?id=6818",
"refsource": "CONFIRM",
"url": "https://bugs.oxid-esales.com/view.php?id=6818"
},
{
"name": "https://oxidforge.org/en/security-bulletin-2018-002.html",
"refsource": "CONFIRM",
"url": "https://oxidforge.org/en/security-bulletin-2018-002.html"
}
]
}
} }

138
2018/12xxx/CVE-2018-12760.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12760", "ID": "CVE-2018-12760",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds write"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "104701", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104701" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041250", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041250" "lang": "eng",
} "value": "Out-of-bounds write"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"name": "1041250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041250"
},
{
"name": "104701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104701"
}
]
}
} }

32
2018/13xxx/CVE-2018-13254.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13254", "ID": "CVE-2018-13254",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/13xxx/CVE-2018-13422.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13422", "ID": "CVE-2018-13422",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TCExam before 14.1.2 has XSS via an ff_ or xl_ field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/tecnickcom/tcexam/pull/223", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/tecnickcom/tcexam/pull/223" "lang": "eng",
} "value": "TCExam before 14.1.2 has XSS via an ff_ or xl_ field."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tecnickcom/tcexam/pull/223",
"refsource": "MISC",
"url": "https://github.com/tecnickcom/tcexam/pull/223"
}
]
}
} }

120
2018/16xxx/CVE-2018-16098.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@lenovo.com", "ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC" : "2019-01-10T00:00:00", "DATE_PUBLIC": "2019-01-10T00:00:00",
"ID" : "CVE-2018-16098", "ID": "CVE-2018-16098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Various ThinkPad products", "product_name": "Various ThinkPad products",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Various" "version_value": "Various"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Lenovo Group Ltd." "vendor_name": "Lenovo Group Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24573", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24573" "lang": "eng",
} "value": "In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24573",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24573"
}
]
}
} }

32
2018/16xxx/CVE-2018-16111.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-16111", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-16111",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

148
2018/16xxx/CVE-2018-16164.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16164", "ID": "CVE-2018-16164",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Event Calendar WD version", "product_name": "Event Calendar WD version",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.1.21 and earlier" "version_value": "1.1.21 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Web-Dorado" "vendor_name": "Web-Dorado"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://plugins.trac.wordpress.org/changeset/1961423/", "description_data": [
"refsource" : "MISC", {
"url" : "https://plugins.trac.wordpress.org/changeset/1961423/" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Event Calendar WD version 1.1.21 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "https://wordpress.org/plugins/event-calendar-wd/#developers", ]
"refsource" : "MISC", },
"url" : "https://wordpress.org/plugins/event-calendar-wd/#developers" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wpvulndb.com/vulnerabilities/9199", "description": [
"refsource" : "MISC", {
"url" : "https://wpvulndb.com/vulnerabilities/9199" "lang": "eng",
}, "value": "Cross-site scripting"
{ }
"name" : "JVN#75738023", ]
"refsource" : "JVN", }
"url" : "https://jvn.jp/en/jp/JVN75738023/index.html" ]
} },
] "references": {
} "reference_data": [
{
"name": "JVN#75738023",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN75738023/index.html"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9199",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9199"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1961423/",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/1961423/"
},
{
"name": "https://wordpress.org/plugins/event-calendar-wd/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/event-calendar-wd/#developers"
}
]
}
} }

128
2018/16xxx/CVE-2018-16437.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16437", "ID": "CVE-2018-16437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ttk7.cn/post-78.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ttk7.cn/post-78.html" "lang": "eng",
}, "value": "Gxlcms 2.0 before bug fix 20180915 has Directory Traversal exploitable by an administrator."
{ }
"name" : "http://bbs.gxlcms.com/forum.php?mod=viewthread&tid=787&extra=page%3D1", ]
"refsource" : "CONFIRM", },
"url" : "http://bbs.gxlcms.com/forum.php?mod=viewthread&tid=787&extra=page%3D1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bbs.gxlcms.com/forum.php?mod=viewthread&tid=787&extra=page%3D1",
"refsource": "CONFIRM",
"url": "http://bbs.gxlcms.com/forum.php?mod=viewthread&tid=787&extra=page%3D1"
},
{
"name": "http://www.ttk7.cn/post-78.html",
"refsource": "MISC",
"url": "http://www.ttk7.cn/post-78.html"
}
]
}
} }

32
2018/4xxx/CVE-2018-4067.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4067", "ID": "CVE-2018-4067",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/4xxx/CVE-2018-4730.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4730", "ID": "CVE-2018-4730",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/4xxx/CVE-2018-4824.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4824", "ID": "CVE-2018-4824",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/4xxx/CVE-2018-4875.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4875", "ID": "CVE-2018-4875",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Experience Manager 6.1, 6.0", "product_name": "Adobe Experience Manager 6.1, 6.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Experience Manager 6.1, 6.0" "version_value": "Adobe Experience Manager 6.1, 6.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reflected cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html" "lang": "eng",
}, "value": "Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM."
{ }
"name" : "102991", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102991" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040365", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040365" "lang": "eng",
} "value": "Reflected cross-site scripting"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "102991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102991"
},
{
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-04.html"
},
{
"name": "1040365",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040365"
}
]
}
} }