admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:39:16 +00:00
parent 50609659d9
commit 9a61b810b8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3730 additions and 3730 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2003/0xxx/CVE-2003-0116.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021203 Poisonous Style for Dialog window turns the zone off.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/301945"
},
{
"name" : "MS03-015",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"name" : "VU#244729",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/244729"
},
{
"name" : "6306",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6306"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021203 Poisonous Style for Dialog window turns the zone off.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/301945"
},
{
"name": "VU#244729",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/244729"
},
{
"name": "MS03-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015"
},
{
"name": "6306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6306"
}
]
}
}

140
2003/0xxx/CVE-2003-0156.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030311 Cross-Referencing Linux vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104739747222492&w=2"
},
{
"name" : "DSA-264",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-264"
},
{
"name" : "7062",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7062"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-264",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-264"
},
{
"name": "7062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7062"
},
{
"name": "20030311 Cross-Referencing Linux vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104739747222492&w=2"
}
]
}
}

130
2003/0xxx/CVE-2003-0560.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030704 VPASP SQL Injection Vulnerability & Exploit CODE",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105733277731084&w=2"
},
{
"name" : "8159",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8159"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8159"
},
{
"name": "20030704 VPASP SQL Injection Vulnerability & Exploit CODE",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105733277731084&w=2"
}
]
}
}

140
2003/0xxx/CVE-2003-0644.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2",
"refsource" : "CONFIRM",
"url" : "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2"
},
{
"name" : "[debian-devel-changes] 20030909 Accepted kdbg 1.2.9-1 (i386 source)",
"refsource" : "MLIST",
"url" : "http://lists.debian.org/debian-devel-changes/2003/09/msg00767.html"
},
{
"name" : "RHSA-2005:416",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-416.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2",
"refsource": "CONFIRM",
"url": "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2"
},
{
"name": "[debian-devel-changes] 20030909 Accepted kdbg 1.2.9-1 (i386 source)",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-devel-changes/2003/09/msg00767.html"
},
{
"name": "RHSA-2005:416",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-416.html"
}
]
}
}

120
2003/0xxx/CVE-2003-0830.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0830",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-390",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-390"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-390",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-390"
}
]
}
}

140
2003/1xxx/CVE-2003-1106.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "330716",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?kbid=330716"
},
{
"name" : "VU#155252",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/155252"
},
{
"name" : "8195",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8195"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "330716",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?kbid=330716"
},
{
"name": "VU#155252",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/155252"
},
{
"name": "8195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8195"
}
]
}
}

170
2003/1xxx/CVE-2003-1216.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1216",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031127 phpBB 2.06 search.php SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106997132425576&w=2"
},
{
"name" : "20031128 [Hat-Squad] phpBB search_id injection exploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107005608726609&w=2"
},
{
"name" : "20031220 phpBB v2.06 search_id sql injection exploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107196735102970&w=2"
},
{
"name" : "http://www.phpbb.com/phpBB/viewtopic.php?t=153818",
"refsource" : "CONFIRM",
"url" : "http://www.phpbb.com/phpBB/viewtopic.php?t=153818"
},
{
"name" : "9122",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9122"
},
{
"name" : "phpbb-searchphp-sql-injection(13867)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?t=153818",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?t=153818"
},
{
"name": "phpbb-searchphp-sql-injection(13867)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867"
},
{
"name": "20031220 phpBB v2.06 search_id sql injection exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107196735102970&w=2"
},
{
"name": "9122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9122"
},
{
"name": "20031128 [Hat-Squad] phpBB search_id injection exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107005608726609&w=2"
},
{
"name": "20031127 phpBB 2.06 search.php SQL injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106997132425576&w=2"
}
]
}
}

140
2003/1xxx/CVE-2003-1322.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030606 Multiple Buffer Overflow Vulnerabilities Found in MERCUR Mail server v.4.2 (SP2) - IMAP protocol",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/324136"
},
{
"name" : "7842",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7842"
},
{
"name" : "mercur-multiple-bo(12203)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/12203.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mercur-multiple-bo(12203)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/12203.php"
},
{
"name": "20030606 Multiple Buffer Overflow Vulnerabilities Found in MERCUR Mail server v.4.2 (SP2) - IMAP protocol",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/324136"
},
{
"name": "7842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7842"
}
]
}
}

240
2004/0xxx/CVE-2004-0148.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0148",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-457",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-457"
},
{
"name" : "SSRT4704",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=108999466902690&w=2"
},
{
"name" : "RHSA-2004:096",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name" : "9832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9832"
},
{
"name" : "ADV-2006-1867",
"refsource" : "FRSIRT",
"url" : "http://www.frsirt.com/english/advisories/2006/1867"
},
{
"name" : "oval:org.mitre.oval:def:1147",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name" : "oval:org.mitre.oval:def:1636",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name" : "oval:org.mitre.oval:def:1637",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name" : "oval:org.mitre.oval:def:648",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name" : "11055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11055"
},
{
"name" : "20168",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20168"
},
{
"name" : "102356",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name" : "wuftpd-restrictedgid-gain-access(15423)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wuftpd-restrictedgid-gain-access(15423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15423"
},
{
"name": "oval:org.mitre.oval:def:1637",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637"
},
{
"name": "102356",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1"
},
{
"name": "DSA-457",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-457"
},
{
"name": "oval:org.mitre.oval:def:1147",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147"
},
{
"name": "11055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11055"
},
{
"name": "20168",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20168"
},
{
"name": "SSRT4704",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=108999466902690&w=2"
},
{
"name": "9832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9832"
},
{
"name": "oval:org.mitre.oval:def:648",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648"
},
{
"name": "RHSA-2004:096",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-096.html"
},
{
"name": "oval:org.mitre.oval:def:1636",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636"
},
{
"name": "ADV-2006-1867",
"refsource": "FRSIRT",
"url": "http://www.frsirt.com/english/advisories/2006/1867"
}
]
}
}

34
2004/0xxx/CVE-2004-0439.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0439",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0439",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

250
2004/0xxx/CVE-2004-0452.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0452",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-620",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-620"
},
{
"name" : "FLSA-2006:152845",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name" : "GLSA-200501-38",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"name" : "RHSA-2005:103",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name" : "RHSA-2005:105",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name" : "20060101-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name" : "USN-44-1",
"refsource" : "UBUNTU",
"url" : "https://www.ubuntu.com/usn/usn-44-1/"
},
{
"name" : "20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110547693019788&w=2"
},
{
"name" : "12072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12072"
},
{
"name" : "oval:org.mitre.oval:def:9938",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"
},
{
"name" : "12991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12991"
},
{
"name" : "18517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18517"
},
{
"name" : "55314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55314"
},
{
"name" : "perl-filepathrmtree-insecure-permissions(18650)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18650"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:105",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-105.html"
},
{
"name": "oval:org.mitre.oval:def:9938",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9938"
},
{
"name": "RHSA-2005:103",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-103.html"
},
{
"name": "55314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55314"
},
{
"name": "DSA-620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-620"
},
{
"name": "20060101-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "FLSA-2006:152845",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12991"
},
{
"name": "20050111 [OpenPKG-SA-2005.001] OpenPKG Security Advisory (perl)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110547693019788&w=2"
},
{
"name": "USN-44-1",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/usn-44-1/"
},
{
"name": "GLSA-200501-38",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"name": "12072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12072"
},
{
"name": "18517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18517"
},
{
"name": "perl-filepathrmtree-insecure-permissions(18650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18650"
}
]
}
}

34
2004/0xxx/CVE-2004-0509.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0509",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0509",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2004/0xxx/CVE-2004-0684.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040708 CYBSEC - Security Advisory: Denial of Service in IBM WebSphere",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108938997528245&w=2"
},
{
"name" : "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf",
"refsource" : "MISC",
"url" : "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf"
},
{
"name" : "ibm-edge-caching-dos(16607)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16607"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-edge-caching-dos(16607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16607"
},
{
"name": "20040708 CYBSEC - Security Advisory: Denial of Service in IBM WebSphere",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108938997528245&w=2"
},
{
"name": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf",
"refsource": "MISC",
"url": "http://www.cybsec.com/vuln/IBM-WebSphere-Edge-Server-DOS.pdf"
}
]
}
}

180
2004/2xxx/CVE-2004-2255.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html"
},
{
"name" : "http://www.phpmyfaq.de/advisory_2004-05-18.php",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyfaq.de/advisory_2004-05-18.php"
},
{
"name" : "10374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10374"
},
{
"name" : "6300",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6300"
},
{
"name" : "1010190",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1010190"
},
{
"name" : "11640",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11640"
},
{
"name" : "phpmyfaq-file-include(16177)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phpmyfaq.de/advisory_2004-05-18.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyfaq.de/advisory_2004-05-18.php"
},
{
"name": "10374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10374"
},
{
"name": "1010190",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010190"
},
{
"name": "20040518 Advisory 05/2004: phpMyFAQ local file inclusion vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0906.html"
},
{
"name": "phpmyfaq-file-include(16177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16177"
},
{
"name": "6300",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6300"
},
{
"name": "11640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11640"
}
]
}
}

140
2004/2xxx/CVE-2004-2286.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2286",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040517 RE: [Full-Disclosure] Buffer Overflow in ActivePerl ?",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html"
},
{
"name" : "10380",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10380"
},
{
"name" : "perl-duplication-bo(16224)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "perl-duplication-bo(16224)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16224"
},
{
"name": "10380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10380"
},
{
"name": "20040517 RE: [Full-Disclosure] Buffer Overflow in ActivePerl ?",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0878.html"
}
]
}
}

170
2004/2xxx/CVE-2004-2581.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a \"specific string.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm"
},
{
"name" : "11061",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11061"
},
{
"name" : "9268",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/9268"
},
{
"name" : "1011074",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011074"
},
{
"name" : "12366",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12366"
},
{
"name" : "ichain-dos(17134)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17134"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a \"specific string.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9268",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9268"
},
{
"name": "1011074",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011074"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?2972080.htm"
},
{
"name": "ichain-dos(17134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17134"
},
{
"name": "11061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11061"
},
{
"name": "12366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12366"
}
]
}
}

200
2008/2xxx/CVE-2008-2618.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2618",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name" : "ADV-2008-2115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2115"
},
{
"name" : "ADV-2008-2109",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2109/references"
},
{
"name" : "1020497",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020497"
},
{
"name" : "31113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31113"
},
{
"name" : "31087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31087"
},
{
"name" : "oracle-peopletools-privilege-escalation(43820)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43820"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
},
{
"name": "ADV-2008-2115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2115"
},
{
"name": "oracle-peopletools-privilege-escalation(43820)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43820"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name": "1020497",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020497"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name": "ADV-2008-2109",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2109/references"
},
{
"name": "31087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31087"
},
{
"name": "31113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31113"
}
]
}
}

170
2008/2xxx/CVE-2008-2760.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080611 Xigla Multiple Products - Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=121322052622903&w=2"
},
{
"name" : "http://bugreport.ir/index.php?/41",
"refsource" : "MISC",
"url" : "http://bugreport.ir/index.php?/41"
},
{
"name" : "29672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29672"
},
{
"name" : "30641",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30641"
},
{
"name" : "3950",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3950"
},
{
"name" : "absolutebanner-searchbanners-sql-injection(43046)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43046"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30641"
},
{
"name": "http://bugreport.ir/index.php?/41",
"refsource": "MISC",
"url": "http://bugreport.ir/index.php?/41"
},
{
"name": "29672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29672"
},
{
"name": "absolutebanner-searchbanners-sql-injection(43046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43046"
},
{
"name": "20080611 Xigla Multiple Products - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=121322052622903&w=2"
},
{
"name": "3950",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3950"
}
]
}
}

150
2008/2xxx/CVE-2008-2895.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2895",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5884",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5884"
},
{
"name" : "29860",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29860"
},
{
"name" : "30800",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30800"
},
{
"name" : "aproxengine-index-file-include(43245)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5884",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5884"
},
{
"name": "29860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29860"
},
{
"name": "30800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30800"
},
{
"name": "aproxengine-index-file-include(43245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43245"
}
]
}
}

160
2012/0xxx/CVE-2012-0666.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0666",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5261",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5261"
},
{
"name" : "APPLE-SA-2012-05-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html"
},
{
"name" : "53577",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53577"
},
{
"name" : "oval:org.mitre.oval:def:16123",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16123"
},
{
"name" : "1027065",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027065"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027065",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027065"
},
{
"name": "http://support.apple.com/kb/HT5261",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5261"
},
{
"name": "oval:org.mitre.oval:def:16123",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16123"
},
{
"name": "APPLE-SA-2012-05-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html"
},
{
"name": "53577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53577"
}
]
}
}

34
2012/1xxx/CVE-2012-1379.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1379",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1379",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2012/1xxx/CVE-2012-1433.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/522005"
},
{
"name" : "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource" : "MISC",
"url" : "http://www.ieee-security.org/TC/SP2012/program.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\4a\\46\\49\\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
]
}
}

140
2012/1xxx/CVE-2012-1878.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"OnBeforeDeactivate Event Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-1878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037"
},
{
"name" : "TA12-164A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"name" : "oval:org.mitre.oval:def:15632",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15632"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"OnBeforeDeactivate Event Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-164A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"name": "MS12-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037"
},
{
"name": "oval:org.mitre.oval:def:15632",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15632"
}
]
}
}

34
2012/5xxx/CVE-2012-5020.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5020",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5020",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2012/5xxx/CVE-2012-5146.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-5146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=165622",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=165622"
},
{
"name" : "openSUSE-SU-2013:0236",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html"
},
{
"name" : "oval:org.mitre.oval:def:16372",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00005.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=165622",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=165622"
},
{
"name": "oval:org.mitre.oval:def:16372",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16372"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/01/stable-channel-update.html"
}
]
}
}

150
2012/5xxx/CVE-2012-5300.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18306",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18306"
},
{
"name" : "http://1337day.com/exploits/17328",
"refsource" : "MISC",
"url" : "http://1337day.com/exploits/17328"
},
{
"name" : "51243",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51243"
},
{
"name" : "tiendavirtual-artcatalogo-sql-injection(72108)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51243"
},
{
"name": "18306",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18306"
},
{
"name": "tiendavirtual-artcatalogo-sql-injection(72108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72108"
},
{
"name": "http://1337day.com/exploits/17328",
"refsource": "MISC",
"url": "http://1337day.com/exploits/17328"
}
]
}
}

380
2012/5xxx/CVE-2012-5611.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "23075",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/23075"
},
{
"name" : "20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2012/Dec/4"
},
{
"name" : "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/02/3"
},
{
"name" : "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/02/4"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name" : "https://kb.askmonty.org/en/mariadb-5166-release-notes/",
"refsource" : "CONFIRM",
"url" : "https://kb.askmonty.org/en/mariadb-5166-release-notes/"
},
{
"name" : "https://kb.askmonty.org/en/mariadb-5213-release-notes/",
"refsource" : "CONFIRM",
"url" : "https://kb.askmonty.org/en/mariadb-5213-release-notes/"
},
{
"name" : "https://kb.askmonty.org/en/mariadb-5311-release-notes/",
"refsource" : "CONFIRM",
"url" : "https://kb.askmonty.org/en/mariadb-5311-release-notes/"
},
{
"name" : "https://kb.askmonty.org/en/mariadb-5528a-release-notes/",
"refsource" : "CONFIRM",
"url" : "https://kb.askmonty.org/en/mariadb-5528a-release-notes/"
},
{
"name" : "DSA-2581",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2581"
},
{
"name" : "GLSA-201308-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "MDVSA-2013:102",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
},
{
"name" : "RHSA-2012:1551",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1551.html"
},
{
"name" : "RHSA-2013:0180",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0180.html"
},
{
"name" : "openSUSE-SU-2013:0013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html"
},
{
"name" : "openSUSE-SU-2013:0011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"
},
{
"name" : "openSUSE-SU-2013:0014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"
},
{
"name" : "openSUSE-SU-2013:0135",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"
},
{
"name" : "openSUSE-SU-2013:0156",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"
},
{
"name" : "SUSE-SU-2013:0262",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html"
},
{
"name" : "openSUSE-SU-2013:1412",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html"
},
{
"name" : "USN-1658-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1658-1"
},
{
"name" : "USN-1703-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1703-1"
},
{
"name" : "oval:org.mitre.oval:def:16395",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395"
},
{
"name" : "51443",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51443"
},
{
"name" : "53372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/",
"refsource": "CONFIRM",
"url": "https://kb.askmonty.org/en/mariadb-5528a-release-notes/"
},
{
"name": "openSUSE-SU-2013:0013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00001.html"
},
{
"name": "23075",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/23075"
},
{
"name": "USN-1703-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1703-1"
},
{
"name": "MDVSA-2013:102",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
},
{
"name": "openSUSE-SU-2013:0156",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "openSUSE-SU-2013:0135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html"
},
{
"name": "openSUSE-SU-2013:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/02/3"
},
{
"name": "https://kb.askmonty.org/en/mariadb-5166-release-notes/",
"refsource": "CONFIRM",
"url": "https://kb.askmonty.org/en/mariadb-5166-release-notes/"
},
{
"name": "RHSA-2013:0180",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0180.html"
},
{
"name": "20121201 MySQL (Linux) Stack based buffer overrun PoC Zeroday",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Dec/4"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "[oss-security] 20121202 Re: Re: [Full-disclosure] MySQL (Linux) Stack based buffer overrun PoC Zeroday",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/02/4"
},
{
"name": "RHSA-2012:1551",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1551.html"
},
{
"name": "DSA-2581",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2581"
},
{
"name": "SUSE-SU-2013:0262",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00000.html"
},
{
"name": "openSUSE-SU-2013:0014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html"
},
{
"name": "51443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51443"
},
{
"name": "openSUSE-SU-2013:1412",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00010.html"
},
{
"name": "https://kb.askmonty.org/en/mariadb-5311-release-notes/",
"refsource": "CONFIRM",
"url": "https://kb.askmonty.org/en/mariadb-5311-release-notes/"
},
{
"name": "oval:org.mitre.oval:def:16395",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16395"
},
{
"name": "USN-1658-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1658-1"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "https://kb.askmonty.org/en/mariadb-5213-release-notes/",
"refsource": "CONFIRM",
"url": "https://kb.askmonty.org/en/mariadb-5213-release-notes/"
}
]
}
}

210
2012/5xxx/CVE-2012-5624.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
"refsource" : "MLIST",
"url" : "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
},
{
"name" : "[oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/04/8"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
},
{
"name" : "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
"refsource" : "CONFIRM",
"url" : "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
},
{
"name" : "https://codereview.qt-project.org/#change,40034",
"refsource" : "CONFIRM",
"url" : "https://codereview.qt-project.org/#change,40034"
},
{
"name" : "openSUSE-SU-2013:0143",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
},
{
"name" : "openSUSE-SU-2013:0154",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
},
{
"name" : "openSUSE-SU-2013:0157",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
},
{
"name" : "USN-1723-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1723-1"
},
{
"name" : "52217",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0157",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"
},
{
"name": "USN-1723-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1723-1"
},
{
"name": "52217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52217"
},
{
"name": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71",
"refsource": "CONFIRM",
"url": "http://qt.gitorious.org/qt/qt/commit/96311def2466dd44de64d77a1c815b22fbf68f71"
},
{
"name": "[oss-security] 20121204 Re: CVE Request -- Qt (x < 4.8.4): QML XmlHttpRequest insecure redirection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/04/8"
},
{
"name": "https://codereview.qt-project.org/#change,40034",
"refsource": "CONFIRM",
"url": "https://codereview.qt-project.org/#change,40034"
},
{
"name": "[Announce] 20121130 Qt Project Security Advisory: QML XmlHttpRequest Insecure Redirection",
"refsource": "MLIST",
"url": "http://lists.qt-project.org/pipermail/announce/2012-November/000014.html"
},
{
"name": "openSUSE-SU-2013:0154",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00045.html"
},
{
"name": "openSUSE-SU-2013:0143",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=883415",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883415"
}
]
}
}

150
2012/5xxx/CVE-2012-5882.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/",
"refsource" : "CONFIRM",
"url" : "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"name" : "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/",
"refsource" : "CONFIRM",
"url" : "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"name" : "http://yuilibrary.com/support/20121030-vulnerability/",
"refsource" : "CONFIRM",
"url" : "http://yuilibrary.com/support/20121030-vulnerability/"
},
{
"name" : "56385",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56385"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/",
"refsource": "CONFIRM",
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/",
"refsource": "CONFIRM",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"name": "56385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"name": "http://yuilibrary.com/support/20121030-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
]
}
}

150
2017/3xxx/CVE-2017-3483.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Enterprise Limits and Collateral Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.0.0"
},
{
"version_affected" : "=",
"version_value" : "12.1.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Enterprise Limits and Collateral Management executes to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Enterprise Limits and Collateral Management executes to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Enterprise Limits and Collateral Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "12.1.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "97846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97846"
},
{
"name" : "1038304",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Enterprise Limits and Collateral Management executes to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle FLEXCUBE Enterprise Limits and Collateral Management executes to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038304"
},
{
"name": "97846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97846"
}
]
}
}

178
2017/3xxx/CVE-2017-3514.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java SE: 6u141"
},
{
"version_affected" : "=",
"version_value" : "7u131"
},
{
"version_affected" : "=",
"version_value" : "8u121"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 6u141"
},
{
"version_affected": "=",
"version_value": "7u131"
},
{
"version_affected": "=",
"version_value": "8u121"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "GLSA-201705-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-03"
},
{
"name" : "GLSA-201707-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201707-01"
},
{
"name" : "97729",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97729"
},
{
"name" : "1038286",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038286"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201705-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-03"
},
{
"name": "97729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97729"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038286",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038286"
},
{
"name": "GLSA-201707-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-01"
}
]
}
}

190
2017/3xxx/CVE-2017-3823.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-3823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco WebEx browser extensions",
"version" : {
"version_data" : [
{
"version_value" : "Cisco WebEx browser extensions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx browser extensions",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx browser extensions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html",
"refsource" : "MISC",
"url" : "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"name" : "https://blog.filippo.io/webex-extension-vulnerability/",
"refsource" : "MISC",
"url" : "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
},
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"name" : "VU#909240",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/909240"
},
{
"name" : "95737",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95737"
},
{
"name" : "1037680",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1096"
},
{
"name": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html"
},
{
"name": "VU#909240",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/909240"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex"
},
{
"name": "https://blog.filippo.io/webex-extension-vulnerability/",
"refsource": "MISC",
"url": "https://blog.filippo.io/webex-extension-vulnerability/"
},
{
"name": "95737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95737"
},
{
"name": "1037680",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037680"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1100"
}
]
}
}

120
2017/7xxx/CVE-2017-7313.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://amswoes.wordpress.com/2017/06/06/cve-2017-7313-how-to-dump-personify-customer-data-with-one-click-23/",
"refsource" : "MISC",
"url" : "https://amswoes.wordpress.com/2017/06/06/cve-2017-7313-how-to-dump-personify-customer-data-with-one-click-23/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, it is possible to read any customer name, master Customer Id, and email address. In other words, anyone can search for users/customers in the system - no authentication is required."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://amswoes.wordpress.com/2017/06/06/cve-2017-7313-how-to-dump-personify-customer-data-with-one-click-23/",
"refsource": "MISC",
"url": "https://amswoes.wordpress.com/2017/06/06/cve-2017-7313-how-to-dump-personify-customer-data-with-one-click-23/"
}
]
}
}

120
2017/7xxx/CVE-2017-7338.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@fortinet.com",
"ID" : "CVE-2017-7338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Fortinet FortiPortal",
"version" : {
"version_data" : [
{
"version_value" : "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name" : "Fortinet, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource" : "CONFIRM",
"url" : "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}

160
2017/7xxx/CVE-2017-7595.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c"
},
{
"name" : "DSA-3844",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3844"
},
{
"name" : "GLSA-201709-27",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-27"
},
{
"name" : "USN-3602-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3602-1/"
},
{
"name" : "97501",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3844",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3844"
},
{
"name": "GLSA-201709-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-27"
},
{
"name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c"
},
{
"name": "USN-3602-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3602-1/"
},
{
"name": "97501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97501"
}
]
}
}

150
2017/7xxx/CVE-2017-7613.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html"
},
{
"name" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c"
},
{
"name" : "GLSA-201710-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "elflint.c in elfutils 0.168 does not validate the number of sections and the number of segments, which allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3670-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3670-1/"
},
{
"name": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c"
},
{
"name": "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html"
},
{
"name": "GLSA-201710-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-10"
}
]
}
}

150
2017/8xxx/CVE-2017-8007.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2017-8007",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs",
"version" : {
"version_data" : [
{
"version_value" : "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs",
"version": {
"version_data": [
{
"version_value": "EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R (Watch4Net) for SAS Solution Packs"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2017/Sep/51",
"refsource" : "CONFIRM",
"url" : "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"name" : "100957",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100957"
},
{
"name" : "1039417",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039417"
},
{
"name" : "1039418",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039418"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnerability to access unauthorized information, and modify or delete data, by supplying specially crafted strings in input parameters of the web service call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100957"
},
{
"name": "1039418",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039418"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Sep/51",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Sep/51"
},
{
"name": "1039417",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039417"
}
]
}
}

120
2017/8xxx/CVE-2017-8298.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a \"Posts > Add New\" action, and during creation of new tags and users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/cnvs/canvas/issues/331",
"refsource" : "CONFIRM",
"url" : "https://github.com/cnvs/canvas/issues/331"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a \"Posts > Add New\" action, and during creation of new tags and users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cnvs/canvas/issues/331",
"refsource": "CONFIRM",
"url": "https://github.com/cnvs/canvas/issues/331"
}
]
}
}

140
2017/8xxx/CVE-2017-8527.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Graphics",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Graphics",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
},
{
"name" : "98933",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98933"
},
{
"name" : "1038680",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka \"Windows Graphics Remote Code Execution Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038680",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038680"
},
{
"name": "98933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98933"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8527"
}
]
}
}

142
2017/8xxx/CVE-2017-8624.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-8624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Common Log File System Driver",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka \"Windows CLFS Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-8624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Common Log File System Driver",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624"
},
{
"name" : "100061",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100061"
},
{
"name" : "1039106",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka \"Windows CLFS Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039106"
},
{
"name": "100061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100061"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8624"
}
]
}
}

34
2018/10xxx/CVE-2018-10014.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10014",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10014",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/10xxx/CVE-2018-10630.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-08-09T00:00:00",
"ID" : "CVE-2018-10630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001",
"version" : {
"version_data" : [
{
"version_value" : "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001"
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control CWE-284"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-09T00:00:00",
"ID": "CVE-2018-10630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001",
"version": {
"version_data": [
{
"version_value": "Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01"
},
{
"name" : "105051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105051"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-01"
}
]
}
}

170
2018/10xxx/CVE-2018-10841.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2018-10841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "glusterfs",
"version" : {
"version_data" : [
{
"version_value" : "all"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.6/CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-288"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "glusterfs",
"version": {
"version_data": [
{
"version_value": "all"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841"
},
{
"name" : "https://review.gluster.org/#/c/20328/",
"refsource" : "CONFIRM",
"url" : "https://review.gluster.org/#/c/20328/"
},
{
"name" : "RHSA-2018:1954",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1954"
},
{
"name" : "RHSA-2018:1955",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1955"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.6/CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841"
},
{
"name": "RHSA-2018:1955",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1955"
},
{
"name": "https://review.gluster.org/#/c/20328/",
"refsource": "CONFIRM",
"url": "https://review.gluster.org/#/c/20328/"
},
{
"name": "RHSA-2018:1954",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1954"
}
]
}
}

34
2018/10xxx/CVE-2018-10948.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10948",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10948",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/12xxx/CVE-2018-12221.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2019-03-12T00:00:00",
"ID" : "CVE-2018-12221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel(R) Graphics Driver for Windows",
"version" : {
"version_data" : [
{
"version_value" : "Multiple versions."
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2019-03-12T00:00:00",
"ID": "CVE-2018-12221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Graphics Driver for Windows",
"version": {
"version_data": [
{
"version_value": "Multiple versions."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html"
}
]
}
}

120
2018/12xxx/CVE-2018-12230.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/document/d/1_Q3rglY4FkRCGhFm4V8N1A8HSoq4fYW6bOPlgkuWmZc/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/document/d/1_Q3rglY4FkRCGhFm4V8N1A8HSoq4fYW6bOPlgkuWmZc/edit?usp=sharing"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.google.com/document/d/1_Q3rglY4FkRCGhFm4V8N1A8HSoq4fYW6bOPlgkuWmZc/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/document/d/1_Q3rglY4FkRCGhFm4V8N1A8HSoq4fYW6bOPlgkuWmZc/edit?usp=sharing"
}
]
}
}

120
2018/12xxx/CVE-2018-12918.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/cloudwu/pbc/issues/121",
"refsource" : "MISC",
"url" : "https://github.com/cloudwu/pbc/issues/121"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cloudwu/pbc/issues/121",
"refsource": "MISC",
"url": "https://github.com/cloudwu/pbc/issues/121"
}
]
}
}

130
2018/13xxx/CVE-2018-13588.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Code47",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Code47"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for Code47 (C47), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Code47",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/Code47"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

130
2018/13xxx/CVE-2018-13769.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13769",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JeansToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JeansToken"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for JeansToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JeansToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/JeansToken"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

120
2018/17xxx/CVE-2018-17127.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/ASUS/GT-AC5300/dos1",
"refsource" : "MISC",
"url" : "https://github.com/PAGalaxyLab/VulInfo/tree/master/ASUS/GT-AC5300/dos1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PAGalaxyLab/VulInfo/tree/master/ASUS/GT-AC5300/dos1",
"refsource": "MISC",
"url": "https://github.com/PAGalaxyLab/VulInfo/tree/master/ASUS/GT-AC5300/dos1"
}
]
}
}

130
2018/17xxx/CVE-2018-17160.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secteam@freebsd.org",
"ID" : "CVE-2018-17160",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FreeBSD",
"version" : {
"version_data" : [
{
"version_value" : "FreeBSD 11.2 before 11.2-RELEASE-p6"
}
]
}
}
]
},
"vendor_name" : "FreeBSD"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient bounds checking"
}
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"ID": "CVE-2018-17160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 11.2 before 11.2-RELEASE-p6"
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-18:14",
"refsource" : "FREEBSD",
"url" : "https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc"
},
{
"name" : "106210",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106210"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient bounds checking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-18:14",
"refsource": "FREEBSD",
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc"
},
{
"name": "106210",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106210"
}
]
}
}

120
2018/17xxx/CVE-2018-17369.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/qzw1210/springboot_authority/issues/4",
"refsource" : "MISC",
"url" : "https://github.com/qzw1210/springboot_authority/issues/4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/qzw1210/springboot_authority/issues/4",
"refsource": "MISC",
"url": "https://github.com/qzw1210/springboot_authority/issues/4"
}
]
}
}

34
2018/17xxx/CVE-2018-17452.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17452",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17452",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/17xxx/CVE-2018-17840.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17840",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17840",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9748.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9748",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9748",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}