admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:13:58 +00:00
parent f98466bb4a
commit 7a23eecb52
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
47 changed files with 2937 additions and 2937 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2002/0xxx/CVE-2002-0228.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0228", "ID": "CVE-2002-0228",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)." "value": "Microsoft MSN Messenger allows remote attackers to use Javascript that references an ActiveX object to obtain sensitive information such as display names and web site navigation, and possibly more when the user is connected to certain Microsoft sites (or DNS-spoofed sites)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)", "name": "20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/254021" "url": "http://online.securityfocus.com/archive/1/254021"
}, },
{ {
"name" : "msn-messenger-reveal-information(8084)", "name": "msn-messenger-reveal-information(8084)",
"refsource" : "XF", "refsource": "XF",
"url" : "http://www.iss.net/security_center/static/8084.php" "url": "http://www.iss.net/security_center/static/8084.php"
}, },
{ {
"name" : "4028", "name": "4028",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/4028" "url": "http://www.securityfocus.com/bid/4028"
} }
] ]
} }

86
2002/0xxx/CVE-2002-0564.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0564", "ID": "CVE-2002-0564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials." "value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020206 Hackproofing Oracle Application Server paper", "name": "20020206 Hackproofing Oracle Application Server paper",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101301813117562&w=2" "url": "http://marc.info/?l=bugtraq&m=101301813117562&w=2"
}, },
{ {
"name" : "VU#193523", "name": "CA-2002-08",
"refsource" : "CERT-VN", "refsource": "CERT",
"url" : "http://www.kb.cert.org/vuls/id/193523" "url": "http://www.cert.org/advisories/CA-2002-08.html"
}, },
{ {
"name" : "CA-2002-08", "name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource" : "CERT", "refsource": "MISC",
"url" : "http://www.cert.org/advisories/CA-2002-08.html" "url": "http://www.nextgenss.com/papers/hpoas.pdf"
}, },
{ {
"name" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf", "name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf" "url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
}, },
{ {
"name" : "http://www.nextgenss.com/papers/hpoas.pdf", "name": "VU#193523",
"refsource" : "MISC", "refsource": "CERT-VN",
"url" : "http://www.nextgenss.com/papers/hpoas.pdf" "url": "http://www.kb.cert.org/vuls/id/193523"
} }
] ]
} }

86
2002/0xxx/CVE-2002-0627.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0627", "ID": "CVE-2002-0627",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests." "value": "The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products", "name": "20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products",
"refsource" : "ISS", "refsource": "ISS",
"url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089" "url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089"
}, },
{ {
"name" : "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf", "name": "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf" "url": "http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf"
}, },
{ {
"name" : "M-123", "name": "M-123",
"refsource" : "CIAC", "refsource": "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/m-123.shtml" "url": "http://www.ciac.org/ciac/bulletins/m-123.shtml"
}, },
{ {
"name" : "viewstation-unicode-retrieve-password(9348)", "name": "viewstation-unicode-retrieve-password(9348)",
"refsource" : "XF", "refsource": "XF",
"url" : "http://www.iss.net/security_center/static/9348.php" "url": "http://www.iss.net/security_center/static/9348.php"
}, },
{ {
"name" : "5632", "name": "5632",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/5632" "url": "http://www.securityfocus.com/bid/5632"
} }
] ]
} }

68
2002/0xxx/CVE-2002-0873.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0873", "ID": "CVE-2002-0873",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow." "value": "Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "DSA-152", "name": "DSA-152",
"refsource" : "DEBIAN", "refsource": "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-152" "url": "http://www.debian.org/security/2002/dsa-152"
}, },
{ {
"name" : "l2tpd-vendor-field-bo(10460)", "name": "l2tpd-vendor-field-bo(10460)",
"refsource" : "XF", "refsource": "XF",
"url" : "http://www.iss.net/security_center/static/10460.php" "url": "http://www.iss.net/security_center/static/10460.php"
} }
] ]
} }

98
2002/1xxx/CVE-2002-1051.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1051", "ID": "CVE-2002-1051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument." "value": "Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020606 Format String bug in TrACESroute 6.0 GOLD", "name": "20020606 Format String bug in TrACESroute 6.0 GOLD",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html" "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html"
}, },
{ {
"name" : "20020721 Nanog traceroute format string exploit.", "name": "4956",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://marc.info/?l=bugtraq&m=102737546927749&w=2" "url": "http://www.securityfocus.com/bid/4956"
}, },
{ {
"name" : "20020723 Re: Nanog traceroute format string exploit.", "name": "SuSE-SA:2000:041",
"refsource" : "BUGTRAQ", "refsource": "SUSE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html" "url": "http://www.novell.com/linux/security/advisories/2000_041_traceroute_txt.html"
}, },
{ {
"name" : "20020724 Re: Nanog traceroute format string exploit.", "name": "20020724 Re: Nanog traceroute format string exploit.",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102753136231920&w=2" "url": "http://marc.info/?l=bugtraq&m=102753136231920&w=2"
}, },
{ {
"name" : "SuSE-SA:2000:041", "name": "20020721 Nanog traceroute format string exploit.",
"refsource" : "SUSE", "refsource": "BUGTRAQ",
"url" : "http://www.novell.com/linux/security/advisories/2000_041_traceroute_txt.html" "url": "http://marc.info/?l=bugtraq&m=102737546927749&w=2"
}, },
{ {
"name" : "4956", "name": "20020723 Re: Nanog traceroute format string exploit.",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/4956" "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html"
}, },
{ {
"name" : "tracesroute-t-format-string(9291)", "name": "tracesroute-t-format-string(9291)",
"refsource" : "XF", "refsource": "XF",
"url" : "http://www.iss.net/security_center/static/9291.php" "url": "http://www.iss.net/security_center/static/9291.php"
} }
] ]
} }

68
2002/2xxx/CVE-2002-2048.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2048", "ID": "CVE-2002-2048",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability." "value": "Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020604 PFinger Buffer Overflow Vulnerability.", "name": "20020604 PFinger Buffer Overflow Vulnerability.",
"refsource" : "VULN-DEV", "refsource": "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=102321152215055&w=2" "url": "http://marc.info/?l=vuln-dev&m=102321152215055&w=2"
}, },
{ {
"name" : "pfinger-query-bo(9269)", "name": "pfinger-query-bo(9269)",
"refsource" : "XF", "refsource": "XF",
"url" : "http://www.iss.net/security_center/static/9269.php" "url": "http://www.iss.net/security_center/static/9269.php"
} }
] ]
} }

68
2002/2xxx/CVE-2002-2271.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2271", "ID": "CVE-2002-2271",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Connection (DCC) option is used, allows remote attackers to cause a denial of service (crash) via a long string." "value": "Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Connection (DCC) option is used, allows remote attackers to cause a denial of service (crash) via a long string."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.securiteam.com/exploits/6G003156AE.html", "name": "bigfun-irc-dcc-dos(10757)",
"refsource" : "MISC", "refsource": "XF",
"url" : "http://www.securiteam.com/exploits/6G003156AE.html" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10757"
}, },
{ {
"name" : "bigfun-irc-dcc-dos(10757)", "name": "http://www.securiteam.com/exploits/6G003156AE.html",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10757" "url": "http://www.securiteam.com/exploits/6G003156AE.html"
} }
] ]
} }

74
2005/0xxx/CVE-2005-0267.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0267", "ID": "CVE-2005-0267",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive." "value": "index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20050102 Multiple Vulnerabilities in FlatNuke", "name": "12150",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://marc.info/?l=bugtraq&m=110477752916772&w=2" "url": "http://www.securityfocus.com/bid/12150"
}, },
{ {
"name" : "12150", "name": "flatnuke-indexphp-gain-access(18741)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/12150" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18741"
}, },
{ {
"name" : "flatnuke-indexphp-gain-access(18741)", "name": "20050102 Multiple Vulnerabilities in FlatNuke",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18741" "url": "http://marc.info/?l=bugtraq&m=110477752916772&w=2"
} }
] ]
} }

74
2005/0xxx/CVE-2005-0849.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0849", "ID": "CVE-2005-0849",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet." "value": "Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://aluigi.altervista.org/adv/funlabsboom-adv.txt", "name": "14638",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "http://aluigi.altervista.org/adv/funlabsboom-adv.txt" "url": "http://secunia.com/advisories/14638"
}, },
{ {
"name" : "1013492", "name": "http://aluigi.altervista.org/adv/funlabsboom-adv.txt",
"refsource" : "SECTRACK", "refsource": "MISC",
"url" : "http://securitytracker.com/id?1013492" "url": "http://aluigi.altervista.org/adv/funlabsboom-adv.txt"
}, },
{ {
"name" : "14638", "name": "1013492",
"refsource" : "SECUNIA", "refsource": "SECTRACK",
"url" : "http://secunia.com/advisories/14638" "url": "http://securitytracker.com/id?1013492"
} }
] ]
} }

62
2005/1xxx/CVE-2005-1084.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1084", "ID": "CVE-2005-1084",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter." "value": "SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "14913", "name": "14913",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/14913" "url": "http://secunia.com/advisories/14913"
} }
] ]
} }

110
2005/1xxx/CVE-2005-1508.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1508", "ID": "CVE-2005-1508",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module." "value": "Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities", "name": "16232",
"refsource" : "BUGTRAQ", "refsource": "OSVDB",
"url" : "http://marc.info/?l=bugtraq&m=111565808024581&w=2" "url": "http://www.osvdb.org/16232"
}, },
{ {
"name" : "ADV-2005-0503", "name": "pwsphp-mulitple-scripts-xss(20500)",
"refsource" : "VUPEN", "refsource": "XF",
"url" : "http://www.vupen.com/english/advisories/2005/0503" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20500"
}, },
{ {
"name" : "16228", "name": "16228",
"refsource" : "OSVDB", "refsource": "OSVDB",
"url" : "http://www.osvdb.org/16228" "url": "http://www.osvdb.org/16228"
}, },
{ {
"name" : "16229", "name": "20050507 PwsPHP v1.2.2 Final - Multiples vulnerabilities",
"refsource" : "OSVDB", "refsource": "BUGTRAQ",
"url" : "http://www.osvdb.org/16229" "url": "http://marc.info/?l=bugtraq&m=111565808024581&w=2"
}, },
{ {
"name" : "16230", "name": "16229",
"refsource" : "OSVDB", "refsource": "OSVDB",
"url" : "http://www.osvdb.org/16230" "url": "http://www.osvdb.org/16229"
}, },
{ {
"name" : "16231", "name": "ADV-2005-0503",
"refsource" : "OSVDB", "refsource": "VUPEN",
"url" : "http://www.osvdb.org/16231" "url": "http://www.vupen.com/english/advisories/2005/0503"
}, },
{ {
"name" : "16232", "name": "15315",
"refsource" : "OSVDB", "refsource": "SECUNIA",
"url" : "http://www.osvdb.org/16232" "url": "http://secunia.com/advisories/15315"
}, },
{ {
"name" : "15315", "name": "16231",
"refsource" : "SECUNIA", "refsource": "OSVDB",
"url" : "http://secunia.com/advisories/15315" "url": "http://www.osvdb.org/16231"
}, },
{ {
"name" : "pwsphp-mulitple-scripts-xss(20500)", "name": "16230",
"refsource" : "XF", "refsource": "OSVDB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20500" "url": "http://www.osvdb.org/16230"
} }
] ]
} }

194
2009/0xxx/CVE-2009-0520.json
View File

@ -1,171 +1,171 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0520", "ID": "CVE-2009-0520",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\"" "value": "Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 does not properly remove references to destroyed objects during Shockwave Flash file processing, which allows remote attackers to execute arbitrary code via a crafted file, related to a \"buffer overflow issue.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20090224 Adobe Flash Player Invalid Object Reference Vulnerability", "name": "http://isc.sans.org/diary.html?storyid=5929",
"refsource" : "IDEFENSE", "refsource": "MISC",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773" "url": "http://isc.sans.org/diary.html?storyid=5929"
}, },
{ {
"name" : "http://isc.sans.org/diary.html?storyid=5929", "name": "http://support.apple.com/kb/HT3549",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "http://isc.sans.org/diary.html?storyid=5929" "url": "http://support.apple.com/kb/HT3549"
}, },
{ {
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-01.html", "name": "RHSA-2009:0332",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-01.html" "url": "http://rhn.redhat.com/errata/RHSA-2009-0332.html"
}, },
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487142", "name": "20090224 Adobe Flash Player Invalid Object Reference Vulnerability",
"refsource" : "CONFIRM", "refsource": "IDEFENSE",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487142" "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=773"
}, },
{ {
"name" : "http://support.apple.com/kb/HT3549", "name": "35074",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://support.apple.com/kb/HT3549" "url": "http://secunia.com/advisories/35074"
}, },
{ {
"name" : "APPLE-SA-2009-05-12", "name": "34226",
"refsource" : "APPLE", "refsource": "SECUNIA",
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" "url": "http://secunia.com/advisories/34226"
}, },
{ {
"name" : "GLSA-200903-23", "name": "APPLE-SA-2009-05-12",
"refsource" : "GENTOO", "refsource": "APPLE",
"url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml" "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
}, },
{ {
"name" : "RHSA-2009:0332", "name": "oval:org.mitre.oval:def:6593",
"refsource" : "REDHAT", "refsource": "OVAL",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0332.html" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593"
}, },
{ {
"name" : "RHSA-2009:0334", "name": "flash-invalid-object-bo(48887)",
"refsource" : "REDHAT", "refsource": "XF",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0334.html" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887"
}, },
{ {
"name" : "254909", "name": "ADV-2009-0743",
"refsource" : "SUNALERT", "refsource": "VUPEN",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1" "url": "http://www.vupen.com/english/advisories/2009/0743"
}, },
{ {
"name" : "TA09-133A", "name": "http://www.adobe.com/support/security/bulletins/apsb09-01.html",
"refsource" : "CERT", "refsource": "CONFIRM",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" "url": "http://www.adobe.com/support/security/bulletins/apsb09-01.html"
}, },
{ {
"name" : "33880", "name": "ADV-2009-0513",
"refsource" : "BID", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/bid/33880" "url": "http://www.vupen.com/english/advisories/2009/0513"
}, },
{ {
"name" : "oval:org.mitre.oval:def:6593", "name": "GLSA-200903-23",
"refsource" : "OVAL", "refsource": "GENTOO",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6593" "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
}, },
{ {
"name" : "oval:org.mitre.oval:def:16057", "name": "TA09-133A",
"refsource" : "OVAL", "refsource": "CERT",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057" "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
}, },
{ {
"name" : "1021750", "name": "oval:org.mitre.oval:def:16057",
"refsource" : "SECTRACK", "refsource": "OVAL",
"url" : "http://securitytracker.com/id?1021750" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16057"
}, },
{ {
"name" : "34012", "name": "ADV-2009-1297",
"refsource" : "SECUNIA", "refsource": "VUPEN",
"url" : "http://secunia.com/advisories/34012" "url": "http://www.vupen.com/english/advisories/2009/1297"
}, },
{ {
"name" : "34293", "name": "33880",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/34293" "url": "http://www.securityfocus.com/bid/33880"
}, },
{ {
"name" : "34226", "name": "1021750",
"refsource" : "SECUNIA", "refsource": "SECTRACK",
"url" : "http://secunia.com/advisories/34226" "url": "http://securitytracker.com/id?1021750"
}, },
{ {
"name" : "35074", "name": "34293",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/35074" "url": "http://secunia.com/advisories/34293"
}, },
{ {
"name" : "ADV-2009-0513", "name": "254909",
"refsource" : "VUPEN", "refsource": "SUNALERT",
"url" : "http://www.vupen.com/english/advisories/2009/0513" "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1"
}, },
{ {
"name" : "ADV-2009-0743", "name": "RHSA-2009:0334",
"refsource" : "VUPEN", "refsource": "REDHAT",
"url" : "http://www.vupen.com/english/advisories/2009/0743" "url": "http://rhn.redhat.com/errata/RHSA-2009-0334.html"
}, },
{ {
"name" : "ADV-2009-1297", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487142",
"refsource" : "VUPEN", "refsource": "CONFIRM",
"url" : "http://www.vupen.com/english/advisories/2009/1297" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487142"
}, },
{ {
"name" : "flash-invalid-object-bo(48887)", "name": "34012",
"refsource" : "XF", "refsource": "SECUNIA",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48887" "url": "http://secunia.com/advisories/34012"
} }
] ]
} }

74
2009/0xxx/CVE-2009-0702.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0702", "ID": "CVE-2009-0702",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php." "value": "SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "7670", "name": "33114",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "https://www.exploit-db.com/exploits/7670" "url": "http://www.securityfocus.com/bid/33114"
}, },
{ {
"name" : "33114", "name": "7670",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/33114" "url": "https://www.exploit-db.com/exploits/7670"
}, },
{ {
"name" : "ADV-2009-0026", "name": "ADV-2009-0026",
"refsource" : "VUPEN", "refsource": "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0026" "url": "http://www.vupen.com/english/advisories/2009/0026"
} }
] ]
} }

86
2009/0xxx/CVE-2009-0705.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0705", "ID": "CVE-2009-0705",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter." "value": "SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "7641", "name": "powernews-news-sql-injection(47701)",
"refsource" : "EXPLOIT-DB", "refsource": "XF",
"url" : "https://www.exploit-db.com/exploits/7641" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47701"
}, },
{ {
"name" : "33081", "name": "33081",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/33081" "url": "http://www.securityfocus.com/bid/33081"
}, },
{ {
"name" : "51110", "name": "33363",
"refsource" : "OSVDB", "refsource": "SECUNIA",
"url" : "http://osvdb.org/51110" "url": "http://secunia.com/advisories/33363"
}, },
{ {
"name" : "33363", "name": "51110",
"refsource" : "SECUNIA", "refsource": "OSVDB",
"url" : "http://secunia.com/advisories/33363" "url": "http://osvdb.org/51110"
}, },
{ {
"name" : "powernews-news-sql-injection(47701)", "name": "7641",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47701" "url": "https://www.exploit-db.com/exploits/7641"
} }
] ]
} }

128
2009/1xxx/CVE-2009-1430.json
View File

@ -1,116 +1,116 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1430", "ID": "CVE-2009-1430",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process." "value": "Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20090428 ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability", "name": "ADV-2009-1204",
"refsource" : "BUGTRAQ", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/archive/1/503080/100/0/threaded" "url": "http://www.vupen.com/english/advisories/2009/1204"
}, },
{ {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-018/", "name": "1022132",
"refsource" : "MISC", "refsource": "SECTRACK",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-018/" "url": "http://www.securitytracker.com/id?1022132"
}, },
{ {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02", "name": "20090428 ZDI-09-018: Symantec Client Security Alert Originator Service Stack Overflow Vulnerability",
"refsource" : "CONFIRM", "refsource": "BUGTRAQ",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02" "url": "http://www.securityfocus.com/archive/1/503080/100/0/threaded"
}, },
{ {
"name" : "34672", "name": "1022130",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/34672" "url": "http://www.securitytracker.com/id?1022130"
}, },
{ {
"name" : "34674", "name": "34674",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/34674" "url": "http://www.securityfocus.com/bid/34674"
}, },
{ {
"name" : "1022130", "name": "symantec-msgsys-bo(50178)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://www.securitytracker.com/id?1022130" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50178"
}, },
{ {
"name" : "1022131", "name": "34672",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id?1022131" "url": "http://www.securityfocus.com/bid/34672"
}, },
{ {
"name" : "1022132", "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id?1022132" "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02"
}, },
{ {
"name" : "34856", "name": "symantec-iao-bo(50177)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/34856" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50177"
}, },
{ {
"name" : "ADV-2009-1204", "name": "34856",
"refsource" : "VUPEN", "refsource": "SECUNIA",
"url" : "http://www.vupen.com/english/advisories/2009/1204" "url": "http://secunia.com/advisories/34856"
}, },
{ {
"name" : "symantec-iao-bo(50177)", "name": "1022131",
"refsource" : "XF", "refsource": "SECTRACK",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50177" "url": "http://www.securitytracker.com/id?1022131"
}, },
{ {
"name" : "symantec-msgsys-bo(50178)", "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-018/",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50178" "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-018/"
} }
] ]
} }

110
2009/1xxx/CVE-2009-1528.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2009-1528", "ID": "CVE-2009-1528",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka \"HTML Object Memory Corruption Vulnerability.\"" "value": "Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka \"HTML Object Memory Corruption Vulnerability.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20090610 ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability", "name": "oval:org.mitre.oval:def:6260",
"refsource" : "BUGTRAQ", "refsource": "OVAL",
"url" : "http://www.securityfocus.com/archive/1/504206/100/0/threaded" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6260"
}, },
{ {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-037", "name": "ADV-2009-1538",
"refsource" : "MISC", "refsource": "VUPEN",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-037" "url": "http://www.vupen.com/english/advisories/2009/1538"
}, },
{ {
"name" : "MS09-019", "name": "MS09-019",
"refsource" : "MS", "refsource": "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019"
}, },
{ {
"name" : "TA09-160A", "name": "54947",
"refsource" : "CERT", "refsource": "OSVDB",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" "url": "http://osvdb.org/54947"
}, },
{ {
"name" : "35222", "name": "TA09-160A",
"refsource" : "BID", "refsource": "CERT",
"url" : "http://www.securityfocus.com/bid/35222" "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
}, },
{ {
"name" : "54947", "name": "1022350",
"refsource" : "OSVDB", "refsource": "SECTRACK",
"url" : "http://osvdb.org/54947" "url": "http://www.securitytracker.com/id?1022350"
}, },
{ {
"name" : "oval:org.mitre.oval:def:6260", "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-037",
"refsource" : "OVAL", "refsource": "MISC",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6260" "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-037"
}, },
{ {
"name" : "1022350", "name": "20090610 ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability",
"refsource" : "SECTRACK", "refsource": "BUGTRAQ",
"url" : "http://www.securitytracker.com/id?1022350" "url": "http://www.securityfocus.com/archive/1/504206/100/0/threaded"
}, },
{ {
"name" : "ADV-2009-1538", "name": "35222",
"refsource" : "VUPEN", "refsource": "BID",
"url" : "http://www.vupen.com/english/advisories/2009/1538" "url": "http://www.securityfocus.com/bid/35222"
} }
] ]
} }

68
2009/1xxx/CVE-2009-1620.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1620", "ID": "CVE-2009-1620",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters." "value": "Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20090425 MataChat Cross-Site Scripting Vulnerabilities", "name": "20090425 MataChat Cross-Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503014/100/0/threaded" "url": "http://www.securityfocus.com/archive/1/503014/100/0/threaded"
}, },
{ {
"name" : "34722", "name": "34722",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/34722" "url": "http://www.securityfocus.com/bid/34722"
} }
] ]
} }

22
2012/2xxx/CVE-2012-2412.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2412", "ID": "CVE-2012-2412",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2012/2xxx/CVE-2012-2493.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2012-2493", "ID": "CVE-2012-2493",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523." "value": "The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client",
"refsource" : "CISCO", "refsource": "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac" "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac"
} }
] ]
} }

92
2012/3xxx/CVE-2012-3323.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-3323", "ID": "CVE-2012-3323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors." "value": "IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085", "name": "55070",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21651085" "url": "http://secunia.com/advisories/55070"
}, },
{ {
"name" : "IV23506", "name": "97924",
"refsource" : "AIXAPAR", "refsource": "OSVDB",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23506" "url": "http://osvdb.org/97924"
}, },
{ {
"name" : "97924", "name": "IV23506",
"refsource" : "OSVDB", "refsource": "AIXAPAR",
"url" : "http://osvdb.org/97924" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV23506"
}, },
{ {
"name" : "55068", "name": "55068",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/55068" "url": "http://secunia.com/advisories/55068"
}, },
{ {
"name" : "55070", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/55070" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21651085"
}, },
{ {
"name" : "maximo-cve20123323-priv-esc(77920)", "name": "maximo-cve20123323-priv-esc(77920)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77920"
} }
] ]
} }

74
2012/4xxx/CVE-2012-4051.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4051", "ID": "CVE-2012-4051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action." "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html", "name": "VU#555668",
"refsource" : "MISC", "refsource": "CERT-VN",
"url" : "http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html" "url": "http://www.kb.cert.org/vuls/id/555668"
}, },
{ {
"name" : "http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf", "name": "http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf" "url": "http://infosec42.blogspot.com/2012/09/jamf-casper-suite-mdm-csrf-vulnerability.html"
}, },
{ {
"name" : "VU#555668", "name": "http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf",
"refsource" : "CERT-VN", "refsource": "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/555668" "url": "http://jamfsoftware.com/libraries/pdf/products/documentation/Casper_Suite_8.61_Release_Notes.pdf"
} }
] ]
} }

80
2012/4xxx/CVE-2012-4550.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4550", "ID": "CVE-2012-4550",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB." "value": "JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "RHSA-2012:1591", "name": "RHSA-2012:1594",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1591.html" "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html"
}, },
{ {
"name" : "RHSA-2012:1592", "name": "51607",
"refsource" : "REDHAT", "refsource": "SECUNIA",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1592.html" "url": "http://secunia.com/advisories/51607"
}, },
{ {
"name" : "RHSA-2012:1594", "name": "RHSA-2012:1592",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1594.html" "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html"
}, },
{ {
"name" : "51607", "name": "RHSA-2012:1591",
"refsource" : "SECUNIA", "refsource": "REDHAT",
"url" : "http://secunia.com/advisories/51607" "url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html"
} }
] ]
} }

22
2012/4xxx/CVE-2012-4627.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4627", "ID": "CVE-2012-4627",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

92
2012/4xxx/CVE-2012-4924.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4924", "ID": "CVE-2012-4924",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method." "value": "Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "18538", "name": "48125",
"refsource" : "EXPLOIT-DB", "refsource": "SECUNIA",
"url" : "http://www.exploit-db.com/exploits/18538" "url": "http://secunia.com/advisories/48125"
}, },
{ {
"name" : "http://dsecrg.com/pages/vul/show.php?id=417", "name": "52110",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://dsecrg.com/pages/vul/show.php?id=417" "url": "http://www.securityfocus.com/bid/52110"
}, },
{ {
"name" : "52110", "name": "79438",
"refsource" : "BID", "refsource": "OSVDB",
"url" : "http://www.securityfocus.com/bid/52110" "url": "http://osvdb.org/79438"
}, },
{ {
"name" : "79438", "name": "net4switch-activex-bo(73384)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://osvdb.org/79438" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73384"
}, },
{ {
"name" : "48125", "name": "18538",
"refsource" : "SECUNIA", "refsource": "EXPLOIT-DB",
"url" : "http://secunia.com/advisories/48125" "url": "http://www.exploit-db.com/exploits/18538"
}, },
{ {
"name" : "net4switch-activex-bo(73384)", "name": "http://dsecrg.com/pages/vul/show.php?id=417",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73384" "url": "http://dsecrg.com/pages/vul/show.php?id=417"
} }
] ]
} }

22
2012/6xxx/CVE-2012-6162.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6162", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2012-6162",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }

22
2012/6xxx/CVE-2012-6187.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6187", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2012-6187",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }

22
2012/6xxx/CVE-2012-6279.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6279", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2012-6279",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }

22
2012/6xxx/CVE-2012-6300.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6300", "ID": "CVE-2012-6300",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

68
2017/2xxx/CVE-2017-2323.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"ID" : "CVE-2017-2323", "ID": "CVE-2017-2323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NorthStar Controller Application", "product_name": "NorthStar Controller Application",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to version 2.1.0 Service Pack 1" "version_value": "prior to version 2.1.0 Service Pack 1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service." "value": "A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker crafting packets destined to the device to cause a persistent denial of service to the path computation server service."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "persistent denial of service" "value": "persistent denial of service"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://kb.juniper.net/JSA10783", "name": "https://kb.juniper.net/JSA10783",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://kb.juniper.net/JSA10783" "url": "https://kb.juniper.net/JSA10783"
}, },
{ {
"name" : "97600", "name": "97600",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/97600" "url": "http://www.securityfocus.com/bid/97600"
} }
] ]
} }

120
2017/2xxx/CVE-2017-2343.json
View File

@ -1,100 +1,100 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC" : "2017-07-12T09:00", "DATE_PUBLIC": "2017-07-12T09:00",
"ID" : "CVE-2017-2343", "ID": "CVE-2017-2343",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "SRX Series: Hardcoded credentials in Integrated UserFW feature." "TITLE": "SRX Series: Hardcoded credentials in Integrated UserFW feature."
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Junos OS", "product_name": "Junos OS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"platform" : "SRX series", "platform": "SRX series",
"version_value" : "12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35" "version_value": "12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35"
}, },
{ {
"platform" : "SRX series", "platform": "SRX series",
"version_value" : "15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50" "version_value": "15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
] ]
} }
}, },
"configuration" : [], "configuration": [],
"credit" : [], "credit": [],
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output: root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive A result of \"Status: Connected\" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device: root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all Next review the results to see if valid users and groups are returned. e.g. Domain: juniperlab.com Total entries: 3 Source IP Username groups state 172.16.26.1 administrator Valid 192.168.26.2 engg01 engineers Valid 192.168.26.3 guest01 guests Valid Domain: NULL Total entries: 8 Source IP Username groups state 192.168.26.4 Invalid 192.168.26.5 Invalid This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue." "value": "The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review of the UserFW services authentication API, hardcoded credentials were identified and removed which can impact both the SRX Series device, and potentially LDAP and Active Directory integrated points. An attacker may be able to completely compromise SRX Series devices, as well as Active Directory servers and services. When Active Directory is compromised, it may allow access to user credentials, workstations, servers performing other functions such as email, database, etc. Inter-Forest Active Directory deployments may also be at risk as the attacker may gain full administrative control over one or more Active Directories depending on the credentials supplied by the administrator of the AD domains and SRX devices performing integrated authentication of users, groups and devices. To identify if your device is potentially vulnerable to exploitation, check to see if the service is operating; from CLI review the following output: root@SRX-Firewall# run show services user-identification active-directory-access domain-controller status extensive A result of \"Status: Connected\" will indicate that the service is active on the device. To evaluate if user authentication is occurring through the device: root@SRX-Firewall# run show services user-identification active-directory-access active-directory-authentication-table all Next review the results to see if valid users and groups are returned. e.g. Domain: juniperlab.com Total entries: 3 Source IP Username groups state 172.16.26.1 administrator Valid 192.168.26.2 engg01 engineers Valid 192.168.26.3 guest01 guests Valid Domain: NULL Total entries: 8 Source IP Username groups state 192.168.26.4 Invalid 192.168.26.5 Invalid This will also indicate that Valid users and groups are authenticating through the device. Affected releases are Juniper Networks Junos OS 12.3X48 from 12.3X48-D30 and prior to 12.3X48-D35 on SRX series; 15.1X49 from 15.1X49-D40 and prior to 15.1X49-D50 on SRX series. Devices on any version of Junos OS 12.1X46, or 12.1X47 are unaffected by this issue."
} }
] ]
}, },
"exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
"impact" : { "impact": {
"cvss" : { "cvss": {
"attackComplexity" : "LOW", "attackComplexity": "LOW",
"attackVector" : "NETWORK", "attackVector": "NETWORK",
"availabilityImpact" : "HIGH", "availabilityImpact": "HIGH",
"baseScore" : 10, "baseScore": 10,
"baseSeverity" : "CRITICAL", "baseSeverity": "CRITICAL",
"confidentialityImpact" : "HIGH", "confidentialityImpact": "HIGH",
"integrityImpact" : "HIGH", "integrityImpact": "HIGH",
"privilegesRequired" : "NONE", "privilegesRequired": "NONE",
"scope" : "CHANGED", "scope": "CHANGED",
"userInteraction" : "NONE", "userInteraction": "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0" "version": "3.0"
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Use of Hard-coded Credentials" "value": "Use of Hard-coded Credentials"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://kb.juniper.net/JSA10791", "name": "https://kb.juniper.net/JSA10791",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://kb.juniper.net/JSA10791" "url": "https://kb.juniper.net/JSA10791"
}, },
{ {
"name" : "1038904", "name": "1038904",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038904" "url": "http://www.securitytracker.com/id/1038904"
} }
] ]
}, },
"solution" : "The following software releases have been updated to resolve this specific issue: 12.3X48-D35, 15.1X49-D50, and all subsequent releases.\n\nThis issue is being tracked as PR 1171966 and is visible on the Customer Support website.", "solution": "The following software releases have been updated to resolve this specific issue: 12.3X48-D35, 15.1X49-D50, and all subsequent releases.\n\nThis issue is being tracked as PR 1171966 and is visible on the Customer Support website.",
"work_around" : [ "work_around": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "There is no workaround to completely mitigate the risk of this issue.\nCustomers may reduce the risk of exploitation of this issue by disabling the UserFW service on devices running the service until such time that a fix can be taken." "value": "There is no workaround to completely mitigate the risk of this issue.\nCustomers may reduce the risk of exploitation of this issue by disabling the UserFW service on devices running the service until such time that a fix can be taken."
} }
] ]
} }

70
2017/2xxx/CVE-2017-2870.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-08-30T00:00:00", "DATE_PUBLIC": "2017-08-30T00:00:00",
"ID" : "CVE-2017-2870", "ID": "CVE-2017-2870",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Gdk-Pixbuf", "product_name": "Gdk-Pixbuf",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6" "version_value": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc compiled with clang -O3 flag libtiff 4.0.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "GNOME" "vendor_name": "GNOME"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability." "value": "An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "remote code execution" "value": "remote code execution"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377", "name": "100541",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377" "url": "http://www.securityfocus.com/bid/100541"
}, },
{ {
"name" : "100541", "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/100541" "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0377"
} }
] ]
} }

74
2017/2xxx/CVE-2017-2955.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-2955", "ID": "CVE-2017-2955",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution." "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Use After Free" "value": "Use After Free"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", "name": "1037574",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" "url": "http://www.securitytracker.com/id/1037574"
}, },
{ {
"name" : "95343", "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/95343" "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
}, },
{ {
"name" : "1037574", "name": "95343",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1037574" "url": "http://www.securityfocus.com/bid/95343"
} }
] ]
} }

74
2017/6xxx/CVE-2017-6659.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6659", "ID": "CVE-2017-6659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Prime Collaboration Assurance", "product_name": "Cisco Prime Collaboration Assurance",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Prime Collaboration Assurance" "version_value": "Cisco Prime Collaboration Assurance"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6." "value": "A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvc91800. Known Affected Releases: 11.5(0) 11.6."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-Site Request Forgery Vulnerability" "value": "Cross-Site Request Forgery Vulnerability"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca", "name": "1038633",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca" "url": "http://www.securitytracker.com/id/1038633"
}, },
{ {
"name" : "98970", "name": "98970",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/98970" "url": "http://www.securityfocus.com/bid/98970"
}, },
{ {
"name" : "1038633", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1038633" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-pca"
} }
] ]
} }

62
2018/11xxx/CVE-2018-11583.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11583", "ID": "CVE-2018-11583",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter." "value": "SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12", "name": "https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12" "url": "https://gist.github.com/alice19940905/88b194b89e83c5c0a394f7f297111e12"
} }
] ]
} }

68
2018/14xxx/CVE-2018-14023.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14023", "ID": "CVE-2018-14023",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage." "value": "Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1", "name": "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1" "url": "http://n0sign4l.blogspot.com/2018/08/advisory-id-n0sign4l-002-risk-level-4-5.html?m=1"
}, },
{ {
"name" : "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop", "name": "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop" "url": "https://www.youtube.com/watch?v=oSJscEei5SE&app=desktop"
} }
] ]
} }

22
2018/14xxx/CVE-2018-14116.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14116", "ID": "CVE-2018-14116",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

68
2018/14xxx/CVE-2018-14265.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14265", "ID": "CVE-2018-14265",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.1.1049" "version_value": "9.0.1.1049"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6028." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the importAnXFDX method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6028."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-725", "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-725" "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", "name": "https://zerodayinitiative.com/advisories/ZDI-18-725",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://zerodayinitiative.com/advisories/ZDI-18-725"
} }
] ]
} }

22
2018/14xxx/CVE-2018-14569.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14569", "ID": "CVE-2018-14569",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/14xxx/CVE-2018-14759.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14759", "ID": "CVE-2018-14759",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/15xxx/CVE-2018-15223.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15223", "ID": "CVE-2018-15223",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2018/15xxx/CVE-2018-15542.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15542", "ID": "CVE-2018-15542",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred." "value": "** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://gist.github.com/tanprathan/18d0f692a2485acfb5693e2f6dabeb5d", "name": "https://gist.github.com/tanprathan/18d0f692a2485acfb5693e2f6dabeb5d",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://gist.github.com/tanprathan/18d0f692a2485acfb5693e2f6dabeb5d" "url": "https://gist.github.com/tanprathan/18d0f692a2485acfb5693e2f6dabeb5d"
} }
] ]
} }

22
2018/15xxx/CVE-2018-15600.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15600", "ID": "CVE-2018-15600",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/15xxx/CVE-2018-15634.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15634", "ID": "CVE-2018-15634",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

64
2018/15xxx/CVE-2018-15703.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnreport@tenable.com", "ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-10-18T00:00:00", "DATE_PUBLIC": "2018-10-18T00:00:00",
"ID" : "CVE-2018-15703", "ID": "CVE-2018-15703",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Advantech WebAccess", "product_name": "Advantech WebAccess",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.3.2 and below" "version_value": "8.3.2 and below"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Advantech" "vendor_name": "Advantech"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser." "value": "Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Reflected Cross Site Scripting" "value": "Reflected Cross Site Scripting"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.tenable.com/security/research/tra-2018-33", "name": "https://www.tenable.com/security/research/tra-2018-33",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-33" "url": "https://www.tenable.com/security/research/tra-2018-33"
} }
] ]
} }

22
2018/20xxx/CVE-2018-20468.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20468", "ID": "CVE-2018-20468",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

156
2018/8xxx/CVE-2018-8288.json
View File

@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8288", "ID": "CVE-2018-8288",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ChakraCore", "product_name": "ChakraCore",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ChakraCore" "version_value": "ChakraCore"
} }
] ]
} }
}, },
{ {
"product_name" : "Internet Explorer 11", "product_name": "Internet Explorer 11",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems" "version_value": "Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 for x64-based Systems" "version_value": "Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for 32-bit Systems" "version_value": "Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for x64-based Systems" "version_value": "Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 7 for 32-bit Systems Service Pack 1" "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows 7 for x64-based Systems Service Pack 1" "version_value": "Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows 8.1 for 32-bit systems" "version_value": "Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "Windows 8.1 for x64-based systems" "version_value": "Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
}, },
{ {
"version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows Server 2012 R2" "version_value": "Windows Server 2012 R2"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
} }
] ]
} }
}, },
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems" "version_value": "Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 for x64-based Systems" "version_value": "Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for 32-bit Systems" "version_value": "Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for x64-based Systems" "version_value": "Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298." "value": "A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Remote Code Execution" "value": "Remote Code Execution"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "45213", "name": "45213",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45213/" "url": "https://www.exploit-db.com/exploits/45213/"
}, },
{ {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288", "name": "1041256",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288" "url": "http://www.securitytracker.com/id/1041256"
}, },
{ {
"name" : "104636", "name": "104636",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/104636" "url": "http://www.securityfocus.com/bid/104636"
}, },
{ {
"name" : "1041256", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1041256" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8288"
}, },
{ {
"name" : "1041258", "name": "1041258",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041258" "url": "http://www.securitytracker.com/id/1041258"
} }
] ]
} }

68
2018/8xxx/CVE-2018-8979.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8979", "ID": "CVE-2018-8979",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI." "value": "Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a user account or inserting XSS sequences via the credentials URI."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "44360", "name": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html",
"refsource" : "EXPLOIT-DB", "refsource": "MISC",
"url" : "https://www.exploit-db.com/exploits/44360/" "url": "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html"
}, },
{ {
"name" : "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html", "name": "44360",
"refsource" : "MISC", "refsource": "EXPLOIT-DB",
"url" : "https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html" "url": "https://www.exploit-db.com/exploits/44360/"
} }
] ]
} }