admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:50:29 +00:00
parent bcf8844fda
commit 770b43d9d7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3205 additions and 3205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2002/1xxx/CVE-2002-1593.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1593",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1593",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module."
"lang": "eng",
"value": "mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.apache.org/dist/httpd/CHANGES_2.0",
"refsource" : "CONFIRM",
"url" : "http://www.apache.org/dist/httpd/CHANGES_2.0"
"name": "5816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5816"
},
{
"name" : "VU#406121",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/406121"
"name": "VU#406121",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/406121"
},
{
"name" : "5816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5816"
"name": "1005285",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1005285"
},
{
"name" : "1005285",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1005285"
"name": "http://www.apache.org/dist/httpd/CHANGES_2.0",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.0"
},
{
"name" : "apache-mod-dav-dos(10208)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10208"
"name": "apache-mod-dav-dos(10208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10208"
}
]
}

74
2002/1xxx/CVE-2002-1818.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1818",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1818",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter."
"lang": "eng",
"value": "ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read arbitrary files via a full pathname in the AnalyseSite parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20021110 benchmark tool for HTTP pages.",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/299235"
"name": "6153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6153"
},
{
"name" : "6153",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6153"
"name": "20021110 benchmark tool for HTTP pages.",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/299235"
},
{
"name" : "ez-httpbench-view-files(10589)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10589.php"
"name": "ez-httpbench-view-files(10589)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10589.php"
}
]
}

128
2003/0xxx/CVE-2003-0138.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0138",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0138",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack."
"lang": "eng",
"value": "Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104791775804776&w=2"
"name": "DSA-269",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-269"
},
{
"name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
"name": "RHSA-2003:052",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
"name": "20030331 GLSA: krb5 & mit-krb5 (200303-28)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name" : "DSA-266",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-266"
"name": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt"
},
{
"name" : "DSA-269",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-269"
"name": "oval:org.mitre.oval:def:248",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248"
},
{
"name" : "DSA-273",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-273"
"name": "RHSA-2003:091",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name" : "RHSA-2003:051",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html"
"name": "DSA-273",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-273"
},
{
"name" : "RHSA-2003:052",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html"
"name": "RHSA-2003:051",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name" : "RHSA-2003:091",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html"
"name": "VU#623217",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/623217"
},
{
"name" : "VU#623217",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/623217"
"name": "DSA-266",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name" : "7113",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7113"
"name": "20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104791775804776&w=2"
},
{
"name" : "oval:org.mitre.oval:def:248",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248"
"name": "7113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7113"
}
]
}

74
2003/0xxx/CVE-2003-0478.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0478",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0478",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings."
"lang": "eng",
"value": "Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030626 Bahamut IRCd <= 1.4.35 and several derived daemons",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105665996104723&w=2"
"name": "20030626 Bahamut IRCd <= 1.4.35 and several derived daemons",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105665996104723&w=2"
},
{
"name" : "20030627 Re: Bahamut IRCd <= 1.4.35 and several derived daemons",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105673489525906&w=2"
"name": "20030627 Re: Bahamut IRCd <= 1.4.35 and several derived daemons",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105673489525906&w=2"
},
{
"name" : "20030627 Bahamut DoS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105673555726823&w=2"
"name": "20030627 Bahamut DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105673555726823&w=2"
}
]
}

62
2003/0xxx/CVE-2003-0588.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0588",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0588",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password."
"lang": "eng",
"value": "admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030716 Digi-news and Digi-ads version 1.1 admin access without password",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105839007002993&w=2"
"name": "20030716 Digi-news and Digi-ads version 1.1 admin access without password",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105839007002993&w=2"
}
]
}

68
2003/0xxx/CVE-2003-0781.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0781",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0781",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords."
"lang": "eng",
"value": "Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "DSA-467",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-467"
"name": "DSA-467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-467"
},
{
"name" : "ecartis-subscribe-password-disclosure(12929)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12929"
"name": "ecartis-subscribe-password-disclosure(12929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12929"
}
]
}

134
2003/0xxx/CVE-2003-0853.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0853",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0853",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
"lang": "eng",
"value": "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
"name": "CLA-2003:771",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771"
},
{
"name" : "http://www.guninski.com/binls.html",
"refsource" : "MISC",
"url" : "http://www.guninski.com/binls.html"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
"name": "CLA-2003:768",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768"
},
{
"name" : "CLA-2003:768",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768"
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name" : "CLA-2003:771",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771"
"name": "RHSA-2003:309",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name" : "IMNX-2003-7+-026-01",
"refsource" : "IMMUNIX",
"url" : "http://www.securityfocus.com/advisories/6014"
"name": "TLSA-2003-60",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name" : "MDKSA-2003:106",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
"name": "RHSA-2003:310",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name" : "RHSA-2003:309",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-309.html"
"name": "8875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8875"
},
{
"name" : "RHSA-2003:310",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-310.html"
"name": "IMNX-2003-7+-026-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name" : "TLSA-2003-60",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.com/security/TLSA-2003-60.txt"
"name": "17069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17069"
},
{
"name" : "8875",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8875"
"name": "http://www.guninski.com/binls.html",
"refsource": "MISC",
"url": "http://www.guninski.com/binls.html"
},
{
"name" : "10126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10126"
"name": "10126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10126"
},
{
"name" : "17069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17069"
"name": "MDKSA-2003:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
]
}

80
2003/1xxx/CVE-2003-1471.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1471",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1471",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number."
"lang": "eng",
"value": "MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030428 MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS",
"refsource" : "BUGTRAQ",
"url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2003/04/msg00364.html"
"name": "mdaemon-pop3-negative-dos(11882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11882"
},
{
"name" : "20030428 RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0359.html"
"name": "20030428 RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-04/0359.html"
},
{
"name" : "7445",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7445"
"name": "7445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7445"
},
{
"name" : "mdaemon-pop3-negative-dos(11882)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11882"
"name": "20030428 MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS",
"refsource": "BUGTRAQ",
"url": "http://archive.cert.uni-stuttgart.de/bugtraq/2003/04/msg00364.html"
}
]
}

80
2003/1xxx/CVE-2003-1523.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1523",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1523",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors."
"lang": "eng",
"value": "SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[Dbmail] 20030725 WARNING SECURITY FLAW IN IMAPSERVER",
"refsource" : "MLIST",
"url" : "http://mailman.fastxs.net/pipermail/dbmail/2003-July/003252.html"
"name": "dbmail-multiple-sql-injection(13416)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13416"
},
{
"name" : "8829",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8829"
"name": "[Dbmail] 20030725 WARNING SECURITY FLAW IN IMAPSERVER",
"refsource": "MLIST",
"url": "http://mailman.fastxs.net/pipermail/dbmail/2003-July/003252.html"
},
{
"name" : "10001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10001"
"name": "10001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10001"
},
{
"name" : "dbmail-multiple-sql-injection(13416)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13416"
"name": "8829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8829"
}
]
}

68
2004/0xxx/CVE-2004-0683.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0683",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0683",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories."
"lang": "eng",
"value": "Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040709 Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108938579712894&w=2"
"name": "20040709 Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108938579712894&w=2"
},
{
"name" : "nav-compressed-dos(16658)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16658"
"name": "nav-compressed-dos(16658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16658"
}
]
}

92
2004/2xxx/CVE-2004-2087.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2087",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2087",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user."
"lang": "eng",
"value": "Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=351705",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=351705"
"name": "10829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10829"
},
{
"name" : "9647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9647"
"name": "http://sourceforge.net/forum/forum.php?forum_id=351705",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=351705"
},
{
"name" : "3922",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3922"
"name": "3922",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3922"
},
{
"name" : "1009110",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009110"
"name": "1009110",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009110"
},
{
"name" : "10829",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10829"
"name": "sandsurfer-gain-access(15193)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15193"
},
{
"name" : "sandsurfer-gain-access(15193)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15193"
"name": "9647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9647"
}
]
}

92
2004/2xxx/CVE-2004-2231.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2231",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2231",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files."
"lang": "eng",
"value": "Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030620 ZeroG InstallAnywhere5 Symlink Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=82&type=vulnerabilities"
"name": "10808",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10808"
},
{
"name" : "http://vapid.dhs.org/zerogadv.txt",
"refsource" : "MISC",
"url" : "http://vapid.dhs.org/zerogadv.txt"
"name": "12129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12129"
},
{
"name" : "10808",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10808"
"name": "http://vapid.dhs.org/zerogadv.txt",
"refsource": "MISC",
"url": "http://vapid.dhs.org/zerogadv.txt"
},
{
"name" : "8236",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8236"
"name": "installanywhere-symlink(16791)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16791"
},
{
"name" : "12129",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12129"
"name": "8236",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8236"
},
{
"name" : "installanywhere-symlink(16791)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16791"
"name": "20030620 ZeroG InstallAnywhere5 Symlink Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=82&type=vulnerabilities"
}
]
}

74
2004/2xxx/CVE-2004-2666.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2666",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2666",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page."
"lang": "eng",
"value": "Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24&r2=1.25",
"refsource" : "MISC",
"url" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24&r2=1.25"
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24&r2=1.25",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?r1=1.24&r2=1.25"
},
{
"name" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log",
"refsource" : "MISC",
"url" : "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
"name": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log",
"refsource": "MISC",
"url": "http://mantisbt.cvs.sourceforge.net/mantisbt/mantisbt/history_inc.php?view=log"
},
{
"name" : "http://bugs.mantisbugtracker.com/view.php?id=4724",
"refsource" : "CONFIRM",
"url" : "http://bugs.mantisbugtracker.com/view.php?id=4724"
"name": "http://bugs.mantisbugtracker.com/view.php?id=4724",
"refsource": "CONFIRM",
"url": "http://bugs.mantisbugtracker.com/view.php?id=4724"
}
]
}

80
2004/2xxx/CVE-2004-2757.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2757",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2757",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm"
"name": "10653",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10653"
},
{
"name" : "9412",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9412"
"name": "ichain-url-xss(14873)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14873"
},
{
"name" : "10653",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10653"
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10080762.htm"
},
{
"name" : "ichain-url-xss(14873)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14873"
"name": "9412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9412"
}
]
}

116
2008/2xxx/CVE-2008-2603.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2603",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2603",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages."
"lang": "eng",
"value": "Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080804 Team SHATTER Security Advisory: Cross-site scripting in Oracle Enterprise Manager (REFRESHCHOICE Parameter)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495093/100/0/threaded"
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
"name": "ADV-2008-2115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2115"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
"name": "SSRT061201",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
"name": "1020496",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020496"
},
{
"name" : "ADV-2008-2115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2115"
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name" : "ADV-2008-2109",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2109/references"
"name": "ADV-2008-2109",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2109/references"
},
{
"name" : "1020496",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020496"
"name": "1020499",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020499"
},
{
"name" : "1020499",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020499"
"name": "31087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31087"
},
{
"name" : "31113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31113"
"name": "31113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31113"
},
{
"name" : "31087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31087"
"name": "20080804 Team SHATTER Security Advisory: Cross-site scripting in Oracle Enterprise Manager (REFRESHCHOICE Parameter)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495093/100/0/threaded"
}
]
}

146
2008/2xxx/CVE-2008-2928.json
View File

@ -1,131 +1,131 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2928",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2928",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header."
"lang": "eng",
"value": "Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=453916",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=453916"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=453916",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=453916"
"name": "1020771",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020771"
},
{
"name" : "FEDORA-2008-7339",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html"
"name": "SSRT080113",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861"
},
{
"name" : "FEDORA-2008-7642",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html"
"name": "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html"
},
{
"name" : "HPSBUX02354",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861"
"name": "31702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31702"
},
{
"name" : "SSRT080113",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861"
"name": "RHSA-2008:0596",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2008-0596.html"
},
{
"name" : "RHSA-2008:0596",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2008-0596.html"
"name": "HPSBUX02354",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861"
},
{
"name" : "30869",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30869"
"name": "30869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30869"
},
{
"name" : "oval:org.mitre.oval:def:5865",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5865"
"name": "ADV-2008-2480",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2480"
},
{
"name" : "ADV-2008-2480",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2480"
"name": "FEDORA-2008-7642",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00218.html"
},
{
"name" : "1020771",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020771"
"name": "FEDORA-2008-7339",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00449.html"
},
{
"name" : "31777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31777"
"name": "31777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31777"
},
{
"name" : "31565",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31565"
"name": "oval:org.mitre.oval:def:5865",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5865"
},
{
"name" : "31702",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31702"
"name": "rhds-acceptlanguage-bo(44738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44738"
},
{
"name" : "rhds-acceptlanguage-bo(44738)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44738"
"name": "31565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31565"
}
]
}

98
2012/0xxx/CVE-2012-0115.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0115",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0115",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492."
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name" : "DSA-2429",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2429"
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name" : "GLSA-201308-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
"name": "48250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48250"
},
{
"name" : "USN-1397-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1397-1"
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name" : "53372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53372"
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name" : "48250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48250"
"name": "DSA-2429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2429"
}
]
}

86
2012/0xxx/CVE-2012-0933.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0933",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0933",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.org/files/108869/acidcat-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/108869/acidcat-xss.txt"
"name": "47705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47705"
},
{
"name" : "51608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51608"
"name": "78458",
"refsource": "OSVDB",
"url": "http://osvdb.org/78458"
},
{
"name" : "78458",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78458"
"name": "acidcatcms-multiple-xss(72624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72624"
},
{
"name" : "47705",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47705"
"name": "http://packetstormsecurity.org/files/108869/acidcat-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/108869/acidcat-xss.txt"
},
{
"name" : "acidcatcms-multiple-xss(72624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72624"
"name": "51608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51608"
}
]
}

22
2012/1xxx/CVE-2012-1105.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1105",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1105",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2012/1xxx/CVE-2012-1248.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1248",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-1248",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain."
"lang": "eng",
"value": "app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://basercms.net/security/1",
"refsource" : "CONFIRM",
"url" : "http://basercms.net/security/1"
"name": "JVNDB-2012-000043",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000043"
},
{
"name" : "JVN#53465692",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN53465692/index.html"
"name": "JVN#53465692",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN53465692/index.html"
},
{
"name" : "JVNDB-2012-000043",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000043"
"name": "basercms-core-sec-bypass(75660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75660"
},
{
"name" : "53543",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53543"
"name": "http://basercms.net/security/1",
"refsource": "CONFIRM",
"url": "http://basercms.net/security/1"
},
{
"name" : "basercms-core-sec-bypass(75660)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75660"
"name": "53543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53543"
}
]
}

22
2012/1xxx/CVE-2012-1496.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1496",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1496",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

98
2012/1xxx/CVE-2012-1590.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1590",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1590",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page."
"lang": "eng",
"value": "The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://drupal.org/drupal-7.14",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/drupal-7.14"
"name": "http://drupal.org/drupal-7.14",
"refsource": "CONFIRM",
"url": "http://drupal.org/drupal-7.14"
},
{
"name" : "http://drupal.org/node/1302404",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1302404"
"name": "53359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53359"
},
{
"name" : "http://drupal.org/node/1557938",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1557938"
"name": "MDVSA-2013:074",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074"
},
{
"name" : "http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5"
"name": "49012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49012"
},
{
"name" : "MDVSA-2013:074",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074"
"name": "http://drupal.org/node/1557938",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1557938"
},
{
"name" : "53359",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53359"
"name": "http://drupal.org/node/1302404",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1302404"
},
{
"name" : "49012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49012"
"name": "http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/drupal.git/commit/352645e4a636cadeb5576231b3547972eebdd8e5"
}
]
}

80
2012/1xxx/CVE-2012-1917.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1917",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1917",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence."
"lang": "eng",
"value": "compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://en.securitylab.ru/lab/PT-2011-48",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/PT-2011-48"
"name": "http://en.securitylab.ru/lab/PT-2011-48",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2011-48"
},
{
"name" : "http://atmail.org/download/atmailopen.tgz",
"refsource" : "CONFIRM",
"url" : "http://atmail.org/download/atmailopen.tgz"
"name": "http://atmail.org/download/atmailopen.tgz",
"refsource": "CONFIRM",
"url": "http://atmail.org/download/atmailopen.tgz"
},
{
"name" : "VU#743555",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/743555"
"name": "VU#743555",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/743555"
},
{
"name" : "47012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47012"
"name": "47012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47012"
}
]
}

22
2012/5xxx/CVE-2012-5410.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5410",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5410",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2012/5xxx/CVE-2012-5421.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5421",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5421",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2012/5xxx/CVE-2012-5787.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5787",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5787",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
"lang": "eng",
"value": "The PayPal merchant SDK does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
"name": "56445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56445"
},
{
"name" : "https://github.com/paypal/SDKs/commit/5f2d6dd77fb4211dcde34e36f1864234526c5d64",
"refsource" : "CONFIRM",
"url" : "https://github.com/paypal/SDKs/commit/5f2d6dd77fb4211dcde34e36f1864234526c5d64"
"name": "paypal-sdk-spoofing(79913)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79913"
},
{
"name" : "56445",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56445"
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name" : "51184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51184"
"name": "51184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51184"
},
{
"name" : "paypal-sdk-spoofing(79913)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79913"
"name": "https://github.com/paypal/SDKs/commit/5f2d6dd77fb4211dcde34e36f1864234526c5d64",
"refsource": "CONFIRM",
"url": "https://github.com/paypal/SDKs/commit/5f2d6dd77fb4211dcde34e36f1864234526c5d64"
}
]
}

80
2017/11xxx/CVE-2017-11173.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11173",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11173",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed."
"lang": "eng",
"value": "Missing anchor in generated regex for rack-cors before 0.4.1 allows a malicious third-party site to perform CORS requests. If the configuration were intended to allow only the trusted example.com domain name and not the malicious example.net domain name, then example.com.example.net (as well as example.com-example.net) would be inadvertently allowed."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://seclists.org/fulldisclosure/2017/Jul/22",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Jul/22"
"name": "http://seclists.org/fulldisclosure/2017/Jul/22",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/22"
},
{
"name" : "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6",
"refsource" : "MISC",
"url" : "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6"
"name": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html"
},
{
"name" : "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/143345/rack-cors-Missing-Anchor.html"
"name": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6",
"refsource": "MISC",
"url": "https://github.com/cyu/rack-cors/commit/42ebe6caa8e85ffa9c8a171bda668ba1acc7a5e6"
},
{
"name" : "DSA-3931",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3931"
"name": "DSA-3931",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3931"
}
]
}

86
2017/3xxx/CVE-2017-3070.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3070",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3070",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Flash Player 25.0.0.148 and earlier.",
"version" : {
"version_data" : [
"product_name": "Adobe Flash Player 25.0.0.148 and earlier.",
"version": {
"version_data": [
{
"version_value" : "Adobe Flash Player 25.0.0.148 and earlier."
"version_value": "Adobe Flash Player 25.0.0.148 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution."
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Memory Corruption"
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html"
"name": "GLSA-201705-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-12"
},
{
"name" : "GLSA-201705-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-12"
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html"
},
{
"name" : "RHSA-2017:1219",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1219"
"name": "98349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98349"
},
{
"name" : "98349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98349"
"name": "RHSA-2017:1219",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1219"
},
{
"name" : "1038427",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038427"
"name": "1038427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038427"
}
]
}

104
2017/3xxx/CVE-2017-3305.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3305",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3305",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "5.5.55 and earlier"
"version_affected": "=",
"version_value": "5.5.55 and earlier"
},
{
"version_affected" : "=",
"version_value" : "5.6.35 and earlier"
"version_affected": "=",
"version_value": "5.6.35 and earlier"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\"."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, \"The Riddle\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data."
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/03/17/3"
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name" : "http://riddle.link/",
"refsource" : "MISC",
"url" : "http://riddle.link/"
"name": "[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/17/3"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
"name": "1038287",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038287"
},
{
"name" : "DSA-3834",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3834"
"name": "http://riddle.link/",
"refsource": "MISC",
"url": "http://riddle.link/"
},
{
"name" : "RHSA-2017:2787",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2787"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "97023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97023"
"name": "DSA-3834",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3834"
},
{
"name" : "1038287",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038287"
"name": "97023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97023"
}
]
}

88
2017/3xxx/CVE-2017-3507.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3507",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3507",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Service Bus",
"version" : {
"version_data" : [
"product_name": "Service Bus",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "12.1.3.0.0"
"version_affected": "=",
"version_value": "12.1.3.0.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.1.0.0"
"version_affected": "=",
"version_value": "12.2.1.0.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.1.1.0"
"version_affected": "=",
"version_value": "12.2.1.1.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.1.2.0"
"version_affected": "=",
"version_value": "12.2.1.2.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Console Design). Supported versions that are affected are 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Service Bus accessible data as well as unauthorized read access to a subset of Oracle Service Bus accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware (subcomponent: Web Console Design). Supported versions that are affected are 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Service Bus accessible data as well as unauthorized read access to a subset of Oracle Service Bus accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Service Bus accessible data as well as unauthorized read access to a subset of Oracle Service Bus accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus."
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Service Bus accessible data as well as unauthorized read access to a subset of Oracle Service Bus accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Service Bus."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
"name": "1038291",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038291"
},
{
"name" : "97888",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97888"
"name": "97888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97888"
},
{
"name" : "1038291",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038291"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
}
]
}

22
2017/7xxx/CVE-2017-7332.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7332",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7332",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2017/7xxx/CVE-2017-7589.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7589",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7589",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the \"anonymous\" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js."
"lang": "eng",
"value": "In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sensitive information upon a request by the \"anonymous\" user, as demonstrated by responses with a 200 HTTP status code and a JSON object containing IP address strings. This is related to a missing access-control check in bin/defaults/script/info/login.js."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.rootlabs.com.br/information-disclosure-forgerock-openidm-4-0-0-and-4-5-0/",
"refsource" : "MISC",
"url" : "http://www.rootlabs.com.br/information-disclosure-forgerock-openidm-4-0-0-and-4-5-0/"
"name": "http://www.rootlabs.com.br/information-disclosure-forgerock-openidm-4-0-0-and-4-5-0/",
"refsource": "MISC",
"url": "http://www.rootlabs.com.br/information-disclosure-forgerock-openidm-4-0-0-and-4-5-0/"
},
{
"name" : "https://backstage.forgerock.com/knowledge/kb/article/a92936505",
"refsource" : "CONFIRM",
"url" : "https://backstage.forgerock.com/knowledge/kb/article/a92936505"
"name": "https://backstage.forgerock.com/knowledge/kb/article/a92936505",
"refsource": "CONFIRM",
"url": "https://backstage.forgerock.com/knowledge/kb/article/a92936505"
}
]
}

122
2017/7xxx/CVE-2017-7843.json
View File

@ -1,113 +1,113 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-7843",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-7843",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "52.5.2"
"version_affected": "<",
"version_value": "52.5.2"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "57.0.1"
"version_affected": "<",
"version_value": "57.0.1"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
"vendor_name": "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1."
"lang": "eng",
"value": "When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Web worker in Private Browsing mode can write IndexedDB data"
"lang": "eng",
"value": "Web worker in Private Browsing mode can write IndexedDB data"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20171210 [SECURITY] [DLA 1202-1] firefox-esr security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html"
"name": "RHSA-2017:3382",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3382"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1410106",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1410106"
"name": "[debian-lts-announce] 20171210 [SECURITY] [DLA 1202-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00003.html"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-27/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-27/"
"name": "https://www.mozilla.org/security/advisories/mfsa2017-28/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-28/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-28/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-28/"
"name": "1039954",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039954"
},
{
"name" : "DSA-4062",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4062"
"name": "https://www.mozilla.org/security/advisories/mfsa2017-27/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-27/"
},
{
"name" : "RHSA-2017:3382",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3382"
"name": "DSA-4062",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4062"
},
{
"name" : "102039",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102039"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1410106",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1410106"
},
{
"name" : "102112",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102112"
"name": "102039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102039"
},
{
"name" : "1039954",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039954"
"name": "102112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102112"
}
]
}

62
2017/7xxx/CVE-2017-7917.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-7917",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7917",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Moxa OnCell",
"version" : {
"version_data" : [
"product_name": "Moxa OnCell",
"version": {
"version_data": [
{
"version_value" : "Moxa OnCell"
"version_value": "Moxa OnCell"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device."
"lang": "eng",
"value": "A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request, which could allow an attacker to modify the configuration of the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-352"
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01"
}
]
}

22
2017/8xxx/CVE-2017-8227.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8227",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8227",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2017/8xxx/CVE-2017-8251.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-8251",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8251",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle."
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "100658",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100658"
"name": "100658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100658"
}
]
}

22
2017/8xxx/CVE-2017-8546.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8546",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8546",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

76
2017/8xxx/CVE-2017-8758.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-09-12T00:00:00",
"ID" : "CVE-2017-8758",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8758",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Exchange Server 2016",
"version" : {
"version_data" : [
"product_name": "Microsoft Exchange Server 2016",
"version": {
"version_data": [
{
"version_value" : "Microsoft Exchange Server 2016 Cumulative Update 6"
"version_value": "Microsoft Exchange Server 2016 Cumulative Update 6"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Cross-Site Scripting Vulnerability.\""
"lang": "eng",
"value": "Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Cross-Site Scripting Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8758",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8758"
"name": "100723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100723"
},
{
"name" : "100723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100723"
"name": "1039320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039320"
},
{
"name" : "1039320",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039320"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8758",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8758"
}
]
}

22
2018/10xxx/CVE-2018-10343.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10343",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10343",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2018/12xxx/CVE-2018-12436.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12436",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12436",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
"lang": "eng",
"value": "wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca",
"refsource" : "MISC",
"url" : "https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca"
"name": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"refsource": "MISC",
"url": "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
},
{
"name" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/",
"refsource" : "MISC",
"url" : "https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/"
"name": "https://www.wolfssl.com/wolfssh-and-rohnp/",
"refsource": "MISC",
"url": "https://www.wolfssl.com/wolfssh-and-rohnp/"
},
{
"name" : "https://www.wolfssl.com/wolfssh-and-rohnp/",
"refsource" : "MISC",
"url" : "https://www.wolfssl.com/wolfssh-and-rohnp/"
"name": "https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca",
"refsource": "MISC",
"url": "https://github.com/wolfSSL/wolfssl/commit/9b9568d500f31f964af26ba8d01e542e1f27e5ca"
}
]
}

74
2018/12xxx/CVE-2018-12495.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12495",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12495",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file."
"lang": "eng",
"value": "The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180908 [SECURITY] [DLA 1499-1] discount security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00009.html"
"name": "https://github.com/Orc/discount/issues/189#issuecomment-397541501",
"refsource": "MISC",
"url": "https://github.com/Orc/discount/issues/189#issuecomment-397541501"
},
{
"name" : "https://github.com/Orc/discount/issues/189#issuecomment-397541501",
"refsource" : "MISC",
"url" : "https://github.com/Orc/discount/issues/189#issuecomment-397541501"
"name": "[debian-lts-announce] 20180908 [SECURITY] [DLA 1499-1] discount security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00009.html"
},
{
"name" : "DSA-4293",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4293"
"name": "DSA-4293",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4293"
}
]
}

62
2018/13xxx/CVE-2018-13078.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13078",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13078",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/VenusADLab/EtherTokens/blob/master/Jitech/Jitech.md",
"refsource" : "MISC",
"url" : "https://github.com/VenusADLab/EtherTokens/blob/master/Jitech/Jitech.md"
"name": "https://github.com/VenusADLab/EtherTokens/blob/master/Jitech/Jitech.md",
"refsource": "MISC",
"url": "https://github.com/VenusADLab/EtherTokens/blob/master/Jitech/Jitech.md"
}
]
}

68
2018/13xxx/CVE-2018-13167.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13167",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13167",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for Yu Gi Oh (YGO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ygo",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ygo"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ygo",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ygo"
}
]
}

68
2018/13xxx/CVE-2018-13224.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13224",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13224",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
"lang": "eng",
"value": "The sell function of a smart contract implementation for Virtual Energy Units (VEU) (Contract Name: VEU_TokenERC20), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TokenERC20",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TokenERC20"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TokenERC20",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TokenERC20"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
}
]
}

62
2018/17xxx/CVE-2018-17057.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17057",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17057",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper."
"lang": "eng",
"value": "An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed",
"refsource" : "MISC",
"url" : "https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed"
"name": "https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed",
"refsource": "MISC",
"url": "https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed"
}
]
}

22
2018/17xxx/CVE-2018-17198.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17198",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17198",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/17xxx/CVE-2018-17380.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17380",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17380",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter."
"lang": "eng",
"value": "SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "45477",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45477/"
"name": "http://packetstormsecurity.com/files/149533/Joomla-Article-Factory-Manager-4.3.9-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149533/Joomla-Article-Factory-Manager-4.3.9-SQL-Injection.html"
},
{
"name" : "http://packetstormsecurity.com/files/149533/Joomla-Article-Factory-Manager-4.3.9-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149533/Joomla-Article-Factory-Manager-4.3.9-SQL-Injection.html"
"name": "45477",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45477/"
}
]
}

22
2018/17xxx/CVE-2018-17516.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17516",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17516",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/17xxx/CVE-2018-17712.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17712",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17712",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/9xxx/CVE-2018-9763.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9763",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9763",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}