admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:31:33 +00:00
parent 9974018470
commit 9e4f1403e0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
100 changed files with 7134 additions and 7134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2003/1xxx/CVE-2003-1045.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1045",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/343185"
},
{
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209376",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209376"
},
{
"name" : "CLA-2003:774",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774"
},
{
"name" : "8953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8953"
},
{
"name" : "bugzilla-obtain-information(13600)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13600"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/343185"
},
{
"name": "CLA-2003:774",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774"
},
{
"name": "bugzilla-obtain-information(13600)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13600"
},
{
"name": "8953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8953"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=209376",
"refsource": "CONFIRM",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=209376"
}
]
}
}

140
2003/1xxx/CVE-2003-1052.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/331904"
},
{
"name" : "8346",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8346"
},
{
"name" : "ibm-db2-gain-privileges(12826)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-db2-gain-privileges(12826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826"
},
{
"name": "20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/331904"
},
{
"name": "8346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8346"
}
]
}
}

150
2003/1xxx/CVE-2003-1378.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1378",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030223 O UT LO OK E XPRE SS 6 .00 : broken",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/312910"
},
{
"name" : "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/312929"
},
{
"name" : "outlook-codebase-execute-programs(11411)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411"
},
{
"name" : "6923",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6923"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030223 O UT LO OK E XPRE SS 6 .00 : broken",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/312910"
},
{
"name": "outlook-codebase-execute-programs(11411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411"
},
{
"name": "6923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6923"
},
{
"name": "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/312929"
}
]
}
}

150
2003/1xxx/CVE-2003-1445.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030211 SECURITY.NNOV: Far buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/311334"
},
{
"name" : "6822",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6822"
},
{
"name" : "3281",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3281"
},
{
"name" : "far-long-path-bo(11293)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11293"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "far-long-path-bo(11293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11293"
},
{
"name": "3281",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3281"
},
{
"name": "6822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6822"
},
{
"name": "20030211 SECURITY.NNOV: Far buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/311334"
}
]
}
}

150
2004/0xxx/CVE-2004-0044.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when \"Allow Only Cisco CallManager Users\" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040108 Cisco Personal Assistant User Password Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml"
},
{
"name" : "9384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9384"
},
{
"name" : "ciscopersonalassistant-config-file-access(14172)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14172"
},
{
"name" : "3430",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3430"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when \"Allow Only Cisco CallManager Users\" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscopersonalassistant-config-file-access(14172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14172"
},
{
"name": "20040108 Cisco Personal Assistant User Password Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml"
},
{
"name": "3430",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3430"
},
{
"name": "9384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9384"
}
]
}
}

470
2004/0xxx/CVE-2004-0077.json
View File

@ -1,237 +1,237 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040218 Second critical mremap() bug found in all Linux kernels",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107711762014175&w=2"
},
{
"name" : "20040218 Second critical mremap() bug found in all Linux kernels",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html"
},
{
"name" : "http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt",
"refsource" : "MISC",
"url" : "http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt"
},
{
"name" : "CLA-2004:820",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820"
},
{
"name" : "DSA-438",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-438"
},
{
"name" : "DSA-439",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-439"
},
{
"name" : "DSA-440",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-440"
},
{
"name" : "DSA-441",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-441"
},
{
"name" : "DSA-442",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-442"
},
{
"name" : "DSA-444",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-444"
},
{
"name" : "DSA-450",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-450"
},
{
"name" : "DSA-453",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-453"
},
{
"name" : "DSA-454",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-454"
},
{
"name" : "DSA-456",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-456"
},
{
"name" : "DSA-466",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-466"
},
{
"name" : "DSA-470",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-470"
},
{
"name" : "DSA-514",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-514"
},
{
"name" : "DSA-475",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-475"
},
{
"name" : "FEDORA-2004-079",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA-2004-079.shtml"
},
{
"name" : "MDKSA-2004:015",
"refsource" : "MANDRAKE",
"url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015"
},
{
"name" : "RHSA-2004:065",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-065.html"
},
{
"name" : "RHSA-2004:066",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-066.html"
},
{
"name" : "RHSA-2004:069",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-069.html"
},
{
"name" : "RHSA-2004:106",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-106.html"
},
{
"name" : "SSA:2004-049",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734"
},
{
"name" : "SuSE-SA:2004:005",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html"
},
{
"name" : "2004-0007",
"refsource" : "TRUSTIX",
"url" : "http://marc.info/?l=bugtraq&m=107712137732553&w=2"
},
{
"name" : "2004-0008",
"refsource" : "TRUSTIX",
"url" : "http://marc.info/?l=bugtraq&m=107755871932680&w=2"
},
{
"name" : "GLSA-200403-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200403-02.xml"
},
{
"name" : "VU#981222",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/981222"
},
{
"name" : "O-082",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-082.shtml"
},
{
"name" : "9686",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9686"
},
{
"name" : "3986",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3986"
},
{
"name" : "oval:org.mitre.oval:def:825",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825"
},
{
"name" : "oval:org.mitre.oval:def:837",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837"
},
{
"name" : "linux-mremap-gain-privileges(15244)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15244"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSA:2004-049",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734"
},
{
"name": "DSA-450",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-450"
},
{
"name": "DSA-440",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-440"
},
{
"name": "RHSA-2004:069",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-069.html"
},
{
"name": "O-082",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-082.shtml"
},
{
"name": "FEDORA-2004-079",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA-2004-079.shtml"
},
{
"name": "DSA-439",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-439"
},
{
"name": "DSA-475",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-475"
},
{
"name": "CLA-2004:820",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820"
},
{
"name": "RHSA-2004:106",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-106.html"
},
{
"name": "SuSE-SA:2004:005",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html"
},
{
"name": "DSA-442",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-442"
},
{
"name": "RHSA-2004:065",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-065.html"
},
{
"name": "DSA-470",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-470"
},
{
"name": "MDKSA-2004:015",
"refsource": "MANDRAKE",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015"
},
{
"name": "9686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9686"
},
{
"name": "DSA-438",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-438"
},
{
"name": "DSA-514",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-514"
},
{
"name": "http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt",
"refsource": "MISC",
"url": "http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt"
},
{
"name": "DSA-456",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-456"
},
{
"name": "oval:org.mitre.oval:def:837",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837"
},
{
"name": "GLSA-200403-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-02.xml"
},
{
"name": "DSA-441",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-441"
},
{
"name": "20040218 Second critical mremap() bug found in all Linux kernels",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html"
},
{
"name": "DSA-454",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-454"
},
{
"name": "linux-mremap-gain-privileges(15244)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15244"
},
{
"name": "20040218 Second critical mremap() bug found in all Linux kernels",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107711762014175&w=2"
},
{
"name": "DSA-444",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-444"
},
{
"name": "RHSA-2004:066",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-066.html"
},
{
"name": "2004-0008",
"refsource": "TRUSTIX",
"url": "http://marc.info/?l=bugtraq&m=107755871932680&w=2"
},
{
"name": "oval:org.mitre.oval:def:825",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825"
},
{
"name": "DSA-453",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-453"
},
{
"name": "3986",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3986"
},
{
"name": "VU#981222",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/981222"
},
{
"name": "DSA-466",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-466"
},
{
"name": "2004-0007",
"refsource": "TRUSTIX",
"url": "http://marc.info/?l=bugtraq&m=107712137732553&w=2"
}
]
}
}

270
2004/0xxx/CVE-2004-0113.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=27106",
"refsource" : "MISC",
"url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=27106"
},
{
"name" : "[apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=apache-cvs&m=107869699329638"
},
{
"name" : "http://www.apacheweek.com/features/security-20",
"refsource" : "CONFIRM",
"url" : "http://www.apacheweek.com/features/security-20"
},
{
"name" : "APPLE-SA-2004-05-03",
"refsource" : "APPLE",
"url" : "http://marc.info/?l=bugtraq&m=108369640424244&w=2"
},
{
"name" : "CLSA-2004:839",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839"
},
{
"name" : "GLSA-200403-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200403-04.xml"
},
{
"name" : "SSRT4717",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=108731648532365&w=2"
},
{
"name" : "MDKSA-2004:043",
"refsource" : "MANDRAKE",
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043"
},
{
"name" : "RHSA-2004:084",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-084.html"
},
{
"name" : "RHSA-2004:182",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-182.html"
},
{
"name" : "2004-0017",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2004/0017"
},
{
"name" : "20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108034113406858&w=2"
},
{
"name" : "apache-modssl-plain-dos(15419)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15419"
},
{
"name" : "9826",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9826"
},
{
"name" : "4182",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4182"
},
{
"name" : "oval:org.mitre.oval:def:876",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A876"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2004-05-03",
"refsource": "APPLE",
"url": "http://marc.info/?l=bugtraq&m=108369640424244&w=2"
},
{
"name": "20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108034113406858&w=2"
},
{
"name": "SSRT4717",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=108731648532365&w=2"
},
{
"name": "http://www.apacheweek.com/features/security-20",
"refsource": "CONFIRM",
"url": "http://www.apacheweek.com/features/security-20"
},
{
"name": "oval:org.mitre.oval:def:876",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A876"
},
{
"name": "RHSA-2004:182",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-182.html"
},
{
"name": "CLSA-2004:839",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839"
},
{
"name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=27106",
"refsource": "MISC",
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=27106"
},
{
"name": "9826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9826"
},
{
"name": "2004-0017",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0017"
},
{
"name": "RHSA-2004:084",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-084.html"
},
{
"name": "GLSA-200403-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200403-04.xml"
},
{
"name": "apache-modssl-plain-dos(15419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15419"
},
{
"name": "MDKSA-2004:043",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043"
},
{
"name": "4182",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4182"
},
{
"name": "[apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c",
"refsource": "MLIST",
"url": "http://marc.info/?l=apache-cvs&m=107869699329638"
}
]
}
}

170
2004/0xxx/CVE-2004-0347.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107826362024112&w=2"
},
{
"name" : "20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018120.html"
},
{
"name" : "20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107850564102190&w=2"
},
{
"name" : "VU#114070",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/114070"
},
{
"name" : "9791",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9791"
},
{
"name" : "netscreen-delhomepagecgi-xss(15368)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15368"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#114070",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/114070"
},
{
"name": "netscreen-delhomepagecgi-xss(15368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15368"
},
{
"name": "20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107850564102190&w=2"
},
{
"name": "9791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9791"
},
{
"name": "20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107826362024112&w=2"
},
{
"name": "20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018120.html"
}
]
}
}

150
2004/0xxx/CVE-2004-0366.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-469",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-469"
},
{
"name" : "10266",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10266"
},
{
"name" : "11237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11237"
},
{
"name" : "pam-pgsql-sql-injection(15651)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15651"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10266"
},
{
"name": "11237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11237"
},
{
"name": "pam-pgsql-sql-injection(15651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15651"
},
{
"name": "DSA-469",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-469"
}
]
}
}

150
2004/0xxx/CVE-2004-0477.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0477",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040527 iDEFENSE Security Advisory 05.27.04: 3Com OfficeConnect Remote 812 ADSL Router Authentication Bypass Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=106&type=vulnerabilities&flashstatus=false"
},
{
"name" : "10426",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10426"
},
{
"name" : "11716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11716"
},
{
"name" : "3com-officeconnect-gain-access(16267)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16267"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040527 iDEFENSE Security Advisory 05.27.04: 3Com OfficeConnect Remote 812 ADSL Router Authentication Bypass Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=106&type=vulnerabilities&flashstatus=false"
},
{
"name": "3com-officeconnect-gain-access(16267)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16267"
},
{
"name": "10426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10426"
},
{
"name": "11716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11716"
}
]
}
}

130
2004/0xxx/CVE-2004-0728.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040714 [HV-MED] DoS in Microsoft SMS Client",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108983763710315&w=2"
},
{
"name" : "sms-remote-service-dos(16696)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16696"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040714 [HV-MED] DoS in Microsoft SMS Client",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108983763710315&w=2"
},
{
"name": "sms-remote-service-dos(16696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16696"
}
]
}
}

210
2004/1xxx/CVE-2004-1012.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110123023521619&w=2"
},
{
"name" : "http://security.e-matters.de/advisories/152004.html",
"refsource" : "MISC",
"url" : "http://security.e-matters.de/advisories/152004.html"
},
{
"name" : "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
"refsource" : "MLIST",
"url" : "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143"
},
{
"name" : "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
"refsource" : "CONFIRM",
"url" : "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
},
{
"name" : "DSA-597",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-597"
},
{
"name" : "GLSA-200411-34",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200411-34.xml"
},
{
"name" : "MDKSA-2004:139",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
},
{
"name" : "USN-31-1",
"refsource" : "UBUNTU",
"url" : "https://www.ubuntu.com/usn/usn-31-1/"
},
{
"name" : "cyrus-imap-commands-execute-code(18199)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
},
{
"name" : "13274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13274/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-597",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-597"
},
{
"name": "cyrus-imap-commands-execute-code(18199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
},
{
"name": "http://security.e-matters.de/advisories/152004.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/152004.html"
},
{
"name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
"refsource": "CONFIRM",
"url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
},
{
"name": "MDKSA-2004:139",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
},
{
"name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110123023521619&w=2"
},
{
"name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
"refsource": "MLIST",
"url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143"
},
{
"name": "13274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13274/"
},
{
"name": "GLSA-200411-34",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
},
{
"name": "USN-31-1",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/usn-31-1/"
}
]
}
}

140
2004/1xxx/CVE-2004-1077.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050426 Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=237&type=vulnerabilities"
},
{
"name" : "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650"
},
{
"name" : "15108",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15108"
},
{
"name": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650"
},
{
"name": "20050426 Citrix Program Neighborhood Agent Arbitrary Shortcut Creation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=237&type=vulnerabilities"
}
]
}
}

150
2004/1xxx/CVE-2004-1135.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041129 Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110177654524819&w=2"
},
{
"name" : "20041129 Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14.",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029600.html"
},
{
"name" : "http://www.securiteam.com/exploits/6D00L2KBPG.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/exploits/6D00L2KBPG.html"
},
{
"name" : "wsftp-ftp-commands-bo(18296)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "wsftp-ftp-commands-bo(18296)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18296"
},
{
"name": "20041129 Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110177654524819&w=2"
},
{
"name": "20041129 Multiple buffer overlows in WS_FTP Server Version 5.03, 2004.10.14.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/029600.html"
},
{
"name": "http://www.securiteam.com/exploits/6D00L2KBPG.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/6D00L2KBPG.html"
}
]
}
}

130
2004/1xxx/CVE-2004-1274.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tigger.uic.edu/~jlongs2/holes/greed.txt",
"refsource" : "MISC",
"url" : "http://tigger.uic.edu/~jlongs2/holes/greed.txt"
},
{
"name" : "greed-downloadloop-command-execution(18634)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18634"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "greed-downloadloop-command-execution(18634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18634"
},
{
"name": "http://tigger.uic.edu/~jlongs2/holes/greed.txt",
"refsource": "MISC",
"url": "http://tigger.uic.edu/~jlongs2/holes/greed.txt"
}
]
}
}

150
2004/1xxx/CVE-2004-1306.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1306",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041223 Microsoft Windows winhlp32.exe Heap Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110383690219440&w=2"
},
{
"name" : "http://www.xfocus.net/flashsky/icoExp/",
"refsource" : "MISC",
"url" : "http://www.xfocus.net/flashsky/icoExp/"
},
{
"name" : "12092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12092"
},
{
"name" : "win-winhlp32-bo(18678)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18678"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12092"
},
{
"name": "http://www.xfocus.net/flashsky/icoExp/",
"refsource": "MISC",
"url": "http://www.xfocus.net/flashsky/icoExp/"
},
{
"name": "20041223 Microsoft Windows winhlp32.exe Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110383690219440&w=2"
},
{
"name": "win-winhlp32-bo(18678)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18678"
}
]
}
}

150
2004/1xxx/CVE-2004-1492.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation to fail."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041027 Crashs in Master of Orion III 1.2.5",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109889705116038&w=2"
},
{
"name" : "11550",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11550"
},
{
"name" : "13008",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13008"
},
{
"name" : "master-of-orion-size-dos(17908)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17908"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation to fail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041027 Crashs in Master of Orion III 1.2.5",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109889705116038&w=2"
},
{
"name": "11550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11550"
},
{
"name": "13008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13008"
},
{
"name": "master-of-orion-size-dos(17908)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17908"
}
]
}
}

150
2004/1xxx/CVE-2004-1817.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040315 [waraxe-2004-SA#005 - XSS in Php-Nuke 7.1.0 - part 2]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107937752811633&w=2"
},
{
"name" : "9879",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9879"
},
{
"name" : "11135",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11135"
},
{
"name" : "phpnuke-multiple-parameters-xss(15491)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15491"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040315 [waraxe-2004-SA#005 - XSS in Php-Nuke 7.1.0 - part 2]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107937752811633&w=2"
},
{
"name": "phpnuke-multiple-parameters-xss(15491)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15491"
},
{
"name": "11135",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11135"
},
{
"name": "9879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9879"
}
]
}
}

290
2004/1xxx/CVE-2004-1875.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040330 Exensive cPanel Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108066561608676&w=2"
},
{
"name" : "http://www.cirt.net/advisories/cpanel_xss.shtml",
"refsource" : "MISC",
"url" : "http://www.cirt.net/advisories/cpanel_xss.shtml"
},
{
"name" : "http://www.aria-security.com/forum/showthread.php?t=30",
"refsource" : "MISC",
"url" : "http://www.aria-security.com/forum/showthread.php?t=30"
},
{
"name" : "10002",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10002"
},
{
"name" : "21142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/21142"
},
{
"name" : "ADV-2006-4658",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4658"
},
{
"name" : "4208",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4208"
},
{
"name" : "4209",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4209"
},
{
"name" : "4210",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4210"
},
{
"name" : "4211",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4211"
},
{
"name" : "4212",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4212"
},
{
"name" : "4213",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4213"
},
{
"name" : "4214",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4214"
},
{
"name" : "4215",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4215"
},
{
"name" : "4243",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4243"
},
{
"name" : "11244",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11244"
},
{
"name" : "22984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22984"
},
{
"name" : "cpanel-multiple-scripts-xss(15671)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4243",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4243"
},
{
"name": "20040330 Exensive cPanel Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108066561608676&w=2"
},
{
"name": "21142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21142"
},
{
"name": "11244",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11244"
},
{
"name": "4215",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4215"
},
{
"name": "http://www.cirt.net/advisories/cpanel_xss.shtml",
"refsource": "MISC",
"url": "http://www.cirt.net/advisories/cpanel_xss.shtml"
},
{
"name": "4210",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4210"
},
{
"name": "cpanel-multiple-scripts-xss(15671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15671"
},
{
"name": "22984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22984"
},
{
"name": "4211",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4211"
},
{
"name": "ADV-2006-4658",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4658"
},
{
"name": "10002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10002"
},
{
"name": "4212",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4212"
},
{
"name": "4208",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4208"
},
{
"name": "4213",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4213"
},
{
"name": "4214",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4214"
},
{
"name": "4209",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4209"
},
{
"name": "http://www.aria-security.com/forum/showthread.php?t=30",
"refsource": "MISC",
"url": "http://www.aria-security.com/forum/showthread.php?t=30"
}
]
}
}

140
2004/2xxx/CVE-2004-2114.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040126 ProxyNow! 2.x Multiple Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107515550931508&w=2"
},
{
"name" : "9500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9500"
},
{
"name" : "proxynow-get-bo(14955)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14955"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "proxynow-get-bo(14955)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14955"
},
{
"name": "20040126 ProxyNow! 2.x Multiple Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107515550931508&w=2"
},
{
"name": "9500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9500"
}
]
}
}

150
2004/2xxx/CVE-2004-2121.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot \"......\" sequences, or (2) \"%5c%2e%2e\" (encoded \"\\..\") sequences, in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040124 BWS v1.0b3 Directory Transversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107497413413907&w=2"
},
{
"name" : "9486",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9486"
},
{
"name" : "1008840",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1008840"
},
{
"name" : "bws-directory-traversal(14948)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14948"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot \"......\" sequences, or (2) \"%5c%2e%2e\" (encoded \"\\..\") sequences, in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9486"
},
{
"name": "1008840",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008840"
},
{
"name": "bws-directory-traversal(14948)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14948"
},
{
"name": "20040124 BWS v1.0b3 Directory Transversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107497413413907&w=2"
}
]
}
}

140
2004/2xxx/CVE-2004-2144.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1011416",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1011416"
},
{
"name" : "12649",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12649/"
},
{
"name" : "baal-admin-password-modify(17499)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17499"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "baal-admin-password-modify(17499)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17499"
},
{
"name": "12649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12649/"
},
{
"name": "1011416",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011416"
}
]
}
}

150
2004/2xxx/CVE-2004-2330.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2330",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html"
},
{
"name" : "9522",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9522"
},
{
"name" : "10743",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10743/"
},
{
"name" : "coldfusion-mx-request-dos(14983)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14983"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb04-02.html"
},
{
"name": "9522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9522"
},
{
"name": "coldfusion-mx-request-dos(14983)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14983"
},
{
"name": "10743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10743/"
}
]
}
}

150
2004/2xxx/CVE-2004-2343.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040131 BUG IN APACHE HTTPD SERVER (current version 2.0.47)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0043.html"
},
{
"name" : "20040202 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0064.html"
},
{
"name" : "20040204 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0120.html"
},
{
"name" : "apache-httpd-bypass-restriction(15015)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040202 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0064.html"
},
{
"name": "20040204 Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0120.html"
},
{
"name": "apache-httpd-bypass-restriction(15015)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15015"
},
{
"name": "20040131 BUG IN APACHE HTTPD SERVER (current version 2.0.47)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0043.html"
}
]
}
}

140
2004/2xxx/CVE-2004-2405.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2405",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.f-secure.com/security/fsc-2004-1.shtml",
"refsource" : "CONFIRM",
"url" : "http://www.f-secure.com/security/fsc-2004-1.shtml"
},
{
"name" : "11712",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11712"
},
{
"name" : "fsecure-lha-archive-bo(16258)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16258"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.f-secure.com/security/fsc-2004-1.shtml",
"refsource": "CONFIRM",
"url": "http://www.f-secure.com/security/fsc-2004-1.shtml"
},
{
"name": "11712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11712"
},
{
"name": "fsecure-lha-archive-bo(16258)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16258"
}
]
}
}

170
2008/2xxx/CVE-2008-2072.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080501 vlBook 1.21 (ALL VERSION)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491519/100/0/threaded"
},
{
"name" : "5529",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5529"
},
{
"name" : "29006",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29006"
},
{
"name" : "30046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30046"
},
{
"name" : "3854",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3854"
},
{
"name" : "vlbook-l-xss(42126)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Virtual Design Studio vlbook 1.21 allows remote attackers to inject arbitrary web script or HTML via the l parameter, a different vector than CVE-2006-3260."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3854",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3854"
},
{
"name": "20080501 vlBook 1.21 (ALL VERSION)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491519/100/0/threaded"
},
{
"name": "30046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30046"
},
{
"name": "5529",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5529"
},
{
"name": "29006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29006"
},
{
"name": "vlbook-l-xss(42126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42126"
}
]
}
}

430
2008/2xxx/CVE-2008-2107.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491683/100/0/threaded"
},
{
"name" : "20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html"
},
{
"name" : "http://www.sektioneins.de/advisories/SE-2008-02.txt",
"refsource" : "MISC",
"url" : "http://www.sektioneins.de/advisories/SE-2008-02.txt"
},
{
"name" : "DSA-1789",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1789"
},
{
"name" : "FEDORA-2008-3606",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
},
{
"name" : "FEDORA-2008-3864",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
},
{
"name" : "GLSA-200811-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name" : "MDVSA-2008:125",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
},
{
"name" : "MDVSA-2008:126",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
},
{
"name" : "MDVSA-2008:127",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
},
{
"name" : "MDVSA-2008:128",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
},
{
"name" : "MDVSA-2008:129",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:129"
},
{
"name" : "MDVSA-2008:130",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:130"
},
{
"name" : "RHSA-2008:0505",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
},
{
"name" : "RHSA-2008:0544",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
},
{
"name" : "RHSA-2008:0545",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
},
{
"name" : "RHSA-2008:0546",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"name" : "RHSA-2008:0582",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
},
{
"name" : "SUSE-SR:2008:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name" : "USN-628-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name" : "oval:org.mitre.oval:def:10644",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644"
},
{
"name" : "30757",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30757"
},
{
"name" : "30828",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30828"
},
{
"name" : "30967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30967"
},
{
"name" : "31119",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31119"
},
{
"name" : "31124",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31124"
},
{
"name" : "31200",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31200"
},
{
"name" : "35003",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35003"
},
{
"name" : "32746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32746"
},
{
"name" : "3859",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3859"
},
{
"name" : "php-generateseed-weak-security(42226)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42226"
},
{
"name" : "php-generateseed-security-bypass(42284)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42284"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 32-bit systems, performs a multiplication using values that can produce a zero seed in rare circumstances, which allows context-dependent attackers to predict subsequent values of the rand and mt_rand functions and possibly bypass protection mechanisms that rely on an unknown initial seed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-3606",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
},
{
"name": "32746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32746"
},
{
"name": "20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html"
},
{
"name": "GLSA-200811-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "RHSA-2008:0546",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html"
},
{
"name": "FEDORA-2008-3864",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
},
{
"name": "30828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30828"
},
{
"name": "MDVSA-2008:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
},
{
"name": "3859",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3859"
},
{
"name": "RHSA-2008:0582",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html"
},
{
"name": "USN-628-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "RHSA-2008:0545",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html"
},
{
"name": "php-generateseed-weak-security(42226)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42226"
},
{
"name": "31124",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31124"
},
{
"name": "30967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30967"
},
{
"name": "31119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31119"
},
{
"name": "MDVSA-2008:129",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:129"
},
{
"name": "31200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31200"
},
{
"name": "30757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30757"
},
{
"name": "RHSA-2008:0544",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html"
},
{
"name": "SUSE-SR:2008:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "35003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35003"
},
{
"name": "MDVSA-2008:125",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125"
},
{
"name": "RHSA-2008:0505",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
},
{
"name": "MDVSA-2008:130",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:130"
},
{
"name": "MDVSA-2008:126",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126"
},
{
"name": "20080506 Advisory SE-2008-02: PHP GENERATE_SEED() Weak Random Number Seed Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491683/100/0/threaded"
},
{
"name": "php-generateseed-security-bypass(42284)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42284"
},
{
"name": "MDVSA-2008:127",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
},
{
"name": "http://www.sektioneins.de/advisories/SE-2008-02.txt",
"refsource": "MISC",
"url": "http://www.sektioneins.de/advisories/SE-2008-02.txt"
},
{
"name": "oval:org.mitre.oval:def:10644",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10644"
},
{
"name": "DSA-1789",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1789"
}
]
}
}

150
2008/2xxx/CVE-2008-2504.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2504",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5665",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5665"
},
{
"name" : "29333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29333"
},
{
"name" : "ADV-2008-1658",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1658"
},
{
"name" : "netbutik-netbutik-product-sql-injection(42572)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netbutik-netbutik-product-sql-injection(42572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42572"
},
{
"name": "ADV-2008-1658",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1658"
},
{
"name": "29333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29333"
},
{
"name": "5665",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5665"
}
]
}
}

170
2008/2xxx/CVE-2008-2671.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080610 [web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493220/100/0/threaded"
},
{
"name" : "5772",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5772"
},
{
"name" : "http://chroot.org/exploits/chroot_uu_008",
"refsource" : "MISC",
"url" : "http://chroot.org/exploits/chroot_uu_008"
},
{
"name" : "29627",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29627"
},
{
"name" : "3939",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3939"
},
{
"name" : "dcfmblog-comments-sql-injection(42976)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42976"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3939",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3939"
},
{
"name": "5772",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5772"
},
{
"name": "20080610 [web-app] DCFM Blog 0.9.4 (comments) Remote SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493220/100/0/threaded"
},
{
"name": "http://chroot.org/exploits/chroot_uu_008",
"refsource": "MISC",
"url": "http://chroot.org/exploits/chroot_uu_008"
},
{
"name": "dcfmblog-comments-sql-injection(42976)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42976"
},
{
"name": "29627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29627"
}
]
}
}

210
2008/2xxx/CVE-2008-2715.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/linux/950/#security",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/linux/950/#security"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/950/#security",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/950/#security"
},
{
"name" : "http://www.opera.com/support/search/view/883/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/search/view/883/"
},
{
"name" : "SUSE-SA:2008:029",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html"
},
{
"name" : "29684",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29684"
},
{
"name" : "ADV-2008-1812",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1812"
},
{
"name" : "1020291",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020291"
},
{
"name" : "30636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30636"
},
{
"name" : "30682",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30682"
},
{
"name" : "opera-html-canvas-info-disclosure(43032)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29684"
},
{
"name": "ADV-2008-1812",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1812"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/950/#security",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/950/#security"
},
{
"name": "http://www.opera.com/support/search/view/883/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/search/view/883/"
},
{
"name": "SUSE-SA:2008:029",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00005.html"
},
{
"name": "opera-html-canvas-info-disclosure(43032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43032"
},
{
"name": "http://www.opera.com/docs/changelogs/linux/950/#security",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/linux/950/#security"
},
{
"name": "1020291",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020291"
},
{
"name": "30682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30682"
},
{
"name": "30636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30636"
}
]
}
}

150
2008/2xxx/CVE-2008-2792.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5846",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5846"
},
{
"name" : "29781",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29781"
},
{
"name" : "30723",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30723"
},
{
"name" : "erocms-index-sql-injection(43157)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29781"
},
{
"name": "5846",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5846"
},
{
"name": "30723",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30723"
},
{
"name": "erocms-index-sql-injection(43157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43157"
}
]
}
}

160
2008/2xxx/CVE-2008-2921.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5819",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5819"
},
{
"name" : "http://ezcms.eztechhelp.com/index.php?page=3&nid=27",
"refsource" : "CONFIRM",
"url" : "http://ezcms.eztechhelp.com/index.php?page=3&nid=27"
},
{
"name" : "29737",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29737"
},
{
"name" : "30674",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30674"
},
{
"name" : "ezcms-page-sql-injection(43086)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43086"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30674"
},
{
"name": "29737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29737"
},
{
"name": "http://ezcms.eztechhelp.com/index.php?page=3&nid=27",
"refsource": "CONFIRM",
"url": "http://ezcms.eztechhelp.com/index.php?page=3&nid=27"
},
{
"name": "ezcms-page-sql-injection(43086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43086"
},
{
"name": "5819",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5819"
}
]
}
}

160
2008/6xxx/CVE-2008-6095.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6095",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.opennms.org/show_bug.cgi?id=2760",
"refsource" : "MISC",
"url" : "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"name" : "http://www.opennms.org/documentation/ReleaseNotesUnStable.html",
"refsource" : "CONFIRM",
"url" : "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name" : "31539",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31539"
},
{
"name" : "32101",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32101"
},
{
"name" : "opennms-viewname-xss(45616)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.opennms.org/show_bug.cgi?id=2760",
"refsource": "MISC",
"url": "http://bugzilla.opennms.org/show_bug.cgi?id=2760"
},
{
"name": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html",
"refsource": "CONFIRM",
"url": "http://www.opennms.org/documentation/ReleaseNotesUnStable.html"
},
{
"name": "opennms-viewname-xss(45616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45616"
},
{
"name": "31539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31539"
},
{
"name": "32101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32101"
}
]
}
}

160
2008/6xxx/CVE-2008-6188.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6708",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6708"
},
{
"name" : "http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105",
"refsource" : "CONFIRM",
"url" : "http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105"
},
{
"name" : "31674",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31674"
},
{
"name" : "32217",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32217"
},
{
"name" : "gforge-skilledit-sql-injection(48851)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48851"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105",
"refsource": "CONFIRM",
"url": "http://gforge.org/tracker/index.php?func=detail&aid=5554&group_id=1&atid=105"
},
{
"name": "32217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32217"
},
{
"name": "gforge-skilledit-sql-injection(48851)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48851"
},
{
"name": "31674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31674"
},
{
"name": "6708",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6708"
}
]
}
}

160
2008/6xxx/CVE-2008-6240.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://holisticinfosec.org/content/view/95/45/",
"refsource" : "MISC",
"url" : "http://holisticinfosec.org/content/view/95/45/"
},
{
"name" : "33063",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33063"
},
{
"name" : "51028",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/51028"
},
{
"name" : "33296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33296"
},
{
"name" : "openeditdam-catalogid-xss(47692)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47692"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33296"
},
{
"name": "33063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33063"
},
{
"name": "http://holisticinfosec.org/content/view/95/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/95/45/"
},
{
"name": "51028",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/51028"
},
{
"name": "openeditdam-catalogid-xss(47692)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47692"
}
]
}
}

140
2008/6xxx/CVE-2008-6317.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7399",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7399"
},
{
"name" : "32723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32723"
},
{
"name" : "phpmygallery-commontpl-file-include(47171)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47171"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf[lang] parameter, a different issue than CVE-2008-6318. NOTE: this might be the same issue as CVE-2008-6316."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpmygallery-commontpl-file-include(47171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47171"
},
{
"name": "32723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32723"
},
{
"name": "7399",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7399"
}
]
}
}

140
2008/6xxx/CVE-2008-6500.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt"
},
{
"name" : "32568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32568"
},
{
"name" : "aspshoppingcartscript-unspecified-xss(47003)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aspshoppingcartscript-unspecified-xss(47003)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47003"
},
{
"name": "32568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32568"
},
{
"name": "http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0812-exploits/aspshoppingcart-xss.txt"
}
]
}
}

160
2008/6xxx/CVE-2008-6623.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6989",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6989"
},
{
"name" : "32108",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32108"
},
{
"name" : "49824",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49824"
},
{
"name" : "32494",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32494"
},
{
"name" : "postcard-getin-sql-injection(46359)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46359"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32108"
},
{
"name": "32494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32494"
},
{
"name": "6989",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6989"
},
{
"name": "49824",
"refsource": "OSVDB",
"url": "http://osvdb.org/49824"
},
{
"name": "postcard-getin-sql-injection(46359)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46359"
}
]
}
}

180
2008/6xxx/CVE-2008-6816.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6816",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081027 n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497824/100/100/threaded"
},
{
"name" : "http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php",
"refsource" : "MISC",
"url" : "http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php"
},
{
"name" : "http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt",
"refsource" : "CONFIRM",
"url" : "http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt"
},
{
"name" : "31933",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31933"
},
{
"name" : "50051",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/50051"
},
{
"name" : "32456",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32456"
},
{
"name" : "mge-paneactionbutton-code-execution(46131)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46131"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php",
"refsource": "MISC",
"url": "http://www.nruns.com/security_advisory_eaton_mge_ops_network_shutdown_module_authentication_bypass.php"
},
{
"name": "mge-paneactionbutton-code-execution(46131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46131"
},
{
"name": "http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt",
"refsource": "CONFIRM",
"url": "http://download.mgeops.com/install/win32/nsm/release_note_nsm_320.txt"
},
{
"name": "20081027 n.runs-SA-2008.009 - Eaton MGE OPS Network Shutdown Module - authentication bypass vulnerability and remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497824/100/100/threaded"
},
{
"name": "31933",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31933"
},
{
"name": "32456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32456"
},
{
"name": "50051",
"refsource": "OSVDB",
"url": "http://osvdb.org/50051"
}
]
}
}

170
2008/6xxx/CVE-2008-6952.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6952",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7162",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7162"
},
{
"name" : "32364",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32364"
},
{
"name" : "49963",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49963"
},
{
"name" : "32787",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32787"
},
{
"name" : "ADV-2008-3216",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3216"
},
{
"name" : "maurycms-rss-sql-injection(46738)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7162",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7162"
},
{
"name": "maurycms-rss-sql-injection(46738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46738"
},
{
"name": "32364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32364"
},
{
"name": "32787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32787"
},
{
"name": "ADV-2008-3216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3216"
},
{
"name": "49963",
"refsource": "OSVDB",
"url": "http://osvdb.org/49963"
}
]
}
}

140
2008/7xxx/CVE-2008-7108.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7108",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company, (6) Address, (7) City, and (8) Province/State fields in a checkout action to phpcart.php; and other unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080828 XSS and Data Manipulation attacks found in CMS PHPCart.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495806/100/0/threaded"
},
{
"name" : "30884",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30884"
},
{
"name" : "phpcart-phpcart-xss(44760)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company, (6) Address, (7) City, and (8) Province/State fields in a checkout action to phpcart.php; and other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080828 XSS and Data Manipulation attacks found in CMS PHPCart.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495806/100/0/threaded"
},
{
"name": "phpcart-phpcart-xss(44760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44760"
},
{
"name": "30884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30884"
}
]
}
}

140
2008/7xxx/CVE-2008-7249.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080302 Squid Analysis Report Generator <= 2.2.3.1 buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489018/100/0/threaded"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=581212",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=581212"
},
{
"name" : "ADV-2008-0749",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0749"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=581212",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=581212"
},
{
"name": "ADV-2008-0749",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0749"
},
{
"name": "20080302 Squid Analysis Report Generator <= 2.2.3.1 buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489018/100/0/threaded"
}
]
}
}

160
2012/1xxx/CVE-2012-1978.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html"
},
{
"name" : "http://www.webapp-security.com/2012/03/simple-php-agenda/",
"refsource" : "MISC",
"url" : "http://www.webapp-security.com/2012/03/simple-php-agenda/"
},
{
"name" : "http://www.webapp-security.com/wp-content/uploads/2012/03/Simple-PHP-Agenda-2.2.8-Multiple-CSRF-Add-Admin-Add-Event4.txt",
"refsource" : "MISC",
"url" : "http://www.webapp-security.com/wp-content/uploads/2012/03/Simple-PHP-Agenda-2.2.8-Multiple-CSRF-Add-Admin-Add-Event4.txt"
},
{
"name" : "74778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74778"
},
{
"name" : "80793",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admin/adminprocess.php, (3) add an event via a request to engine/new_event.php, or (4) delete an event via a request to phpagenda/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webapp-security.com/2012/03/simple-php-agenda/",
"refsource": "MISC",
"url": "http://www.webapp-security.com/2012/03/simple-php-agenda/"
},
{
"name": "http://packetstormsecurity.com/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/111408/Simple-PHP-Agenda-2.2.8-Cross-Site-Request-Forgery.html"
},
{
"name": "http://www.webapp-security.com/wp-content/uploads/2012/03/Simple-PHP-Agenda-2.2.8-Multiple-CSRF-Add-Admin-Add-Event4.txt",
"refsource": "MISC",
"url": "http://www.webapp-security.com/wp-content/uploads/2012/03/Simple-PHP-Agenda-2.2.8-Multiple-CSRF-Add-Admin-Add-Event4.txt"
},
{
"name": "74778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74778"
},
{
"name": "80793",
"refsource": "OSVDB",
"url": "http://osvdb.org/80793"
}
]
}
}

34
2012/5xxx/CVE-2012-5239.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5239",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3548. Reason: This candidate is a reservation duplicate of CVE-2012-3548. Notes: All CVE users should reference CVE-2012-3548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-5239",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3548. Reason: This candidate is a reservation duplicate of CVE-2012-3548. Notes: All CVE users should reference CVE-2012-3548 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

34
2012/5xxx/CVE-2012-5449.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5449",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5449",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2012/5xxx/CVE-2012-5552.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to \"client-side password history checks.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"name" : "http://drupal.org/node/1828340",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1828340"
},
{
"name" : "http://drupal.org/node/1828130",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1828130"
},
{
"name" : "http://drupal.org/node/1828142",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1828142"
},
{
"name" : "56350",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56350"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to obtain password hashes by sniffing the network, related to \"client-side password history checks.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56350"
},
{
"name": "http://drupal.org/node/1828130",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1828130"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"name": "http://drupal.org/node/1828340",
"refsource": "MISC",
"url": "http://drupal.org/node/1828340"
},
{
"name": "http://drupal.org/node/1828142",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1828142"
}
]
}
}

260
2012/5xxx/CVE-2012-5575.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka \"XML Encryption backwards compatibility attack.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/",
"refsource" : "MISC",
"url" : "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/"
},
{
"name" : "http://cxf.apache.org/cve-2012-5575.html",
"refsource" : "CONFIRM",
"url" : "http://cxf.apache.org/cve-2012-5575.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=880443",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=880443"
},
{
"name" : "RHSA-2013:0873",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0873.html"
},
{
"name" : "RHSA-2013:0874",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0874.html"
},
{
"name" : "RHSA-2013:0876",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0876.html"
},
{
"name" : "RHSA-2013:0943",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0943.html"
},
{
"name" : "RHSA-2013:1143",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1143.html"
},
{
"name" : "RHSA-2013:1028",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1028.html"
},
{
"name" : "RHSA-2013:0875",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0875.html"
},
{
"name" : "RHSA-2013:0833",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
},
{
"name" : "RHSA-2013:0834",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0834.html"
},
{
"name" : "RHSA-2013:0839",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0839.html"
},
{
"name" : "RHSA-2013:1437",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"name" : "60043",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60043"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka \"XML Encryption backwards compatibility attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0943",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0943.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=880443",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=880443"
},
{
"name": "RHSA-2013:0839",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0839.html"
},
{
"name": "RHSA-2013:0875",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0875.html"
},
{
"name": "60043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60043"
},
{
"name": "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/",
"refsource": "MISC",
"url": "http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/"
},
{
"name": "RHSA-2013:0833",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
},
{
"name": "RHSA-2013:1437",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"name": "http://cxf.apache.org/cve-2012-5575.html",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/cve-2012-5575.html"
},
{
"name": "RHSA-2013:1143",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1143.html"
},
{
"name": "RHSA-2013:0876",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0876.html"
},
{
"name": "RHSA-2013:1028",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1028.html"
},
{
"name": "RHSA-2013:0834",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0834.html"
},
{
"name": "RHSA-2013:0873",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0873.html"
},
{
"name": "RHSA-2013:0874",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0874.html"
}
]
}
}

130
2012/5xxx/CVE-2012-5638.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5638",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=887010",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=887010"
},
{
"name" : "RHSA-2013:0691",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0691",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=887010",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887010"
}
]
}
}

34
2012/5xxx/CVE-2012-5926.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5926",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5926",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/5xxx/CVE-2012-5997.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5997",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5997",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2017/11xxx/CVE-2017-11104.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf",
"refsource" : "MISC",
"url" : "http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf"
},
{
"name" : "https://bugs.debian.org/865678",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/865678"
},
{
"name" : "https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html",
"refsource" : "MISC",
"url" : "https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html"
},
{
"name" : "DSA-3910",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3910"
},
{
"name" : "99598",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99598"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3910",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3910"
},
{
"name": "99598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99598"
},
{
"name": "https://bugs.debian.org/865678",
"refsource": "MISC",
"url": "https://bugs.debian.org/865678"
},
{
"name": "http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf",
"refsource": "MISC",
"url": "http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf"
},
{
"name": "https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html",
"refsource": "MISC",
"url": "https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html"
}
]
}
}

140
2017/11xxx/CVE-2017-11317.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43874",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43874/"
},
{
"name" : "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload",
"refsource" : "CONFIRM",
"url" : "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload"
},
{
"name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006",
"refsource" : "CONFIRM",
"url" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43874",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43874/"
},
{
"name": "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload",
"refsource": "CONFIRM",
"url": "http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload"
},
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006"
}
]
}
}

34
2017/11xxx/CVE-2017-11453.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11453",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11453",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/11xxx/CVE-2017-11475.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/glpi-project/glpi/issues/2476",
"refsource" : "CONFIRM",
"url" : "https://github.com/glpi-project/glpi/issues/2476"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/glpi-project/glpi/issues/2476",
"refsource": "CONFIRM",
"url": "https://github.com/glpi-project/glpi/issues/2476"
}
]
}
}

120
2017/11xxx/CVE-2017-11657.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11657",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\\Dashlane directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.securiteam.com/index.php/archives/3357",
"refsource" : "MISC",
"url" : "https://blogs.securiteam.com/index.php/archives/3357"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\\Dashlane directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.securiteam.com/index.php/archives/3357",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3357"
}
]
}
}

130
2017/11xxx/CVE-2017-11705.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11705",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html",
"refsource" : "MISC",
"url" : "http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html"
},
{
"name" : "https://github.com/libming/libming/issues/71",
"refsource" : "MISC",
"url" : "https://github.com/libming/libming/issues/71"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libming/libming/issues/71",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/71"
},
{
"name": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html",
"refsource": "MISC",
"url": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingmemory-leak-in.html"
}
]
}
}

34
2017/11xxx/CVE-2017-11735.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11735",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-11735",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none."
}
]
}
}

120
2017/15xxx/CVE-2017-15241.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to \"Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15241",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to \"Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x00000000000929f5.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15241",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15241"
}
]
}
}

130
2017/15xxx/CVE-2017-15300.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as \"GET / HTTP/1.1\"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970",
"refsource" : "MISC",
"url" : "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970"
},
{
"name" : "https://www.legacysecuritygroup.com/cve-2017-15300.html",
"refsource" : "MISC",
"url" : "https://www.legacysecuritygroup.com/cve-2017-15300.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as \"GET / HTTP/1.1\"), which allows for a Denial of Service attack preventing a user from viewing their mining statistics by an attacker opening a session with telnet or netcat and connecting to the miner on the HTTP API port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.legacysecuritygroup.com/cve-2017-15300.html",
"refsource": "MISC",
"url": "https://www.legacysecuritygroup.com/cve-2017-15300.html"
},
{
"name": "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970",
"refsource": "MISC",
"url": "https://bitcointalk.org/index.php?topic=1707546.msg23016970#msg23016970"
}
]
}
}

180
2017/15xxx/CVE-2017-15593.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html"
},
{
"name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"
},
{
"name" : "https://xenbits.xen.org/xsa/advisory-242.html",
"refsource" : "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-242.html"
},
{
"name" : "https://support.citrix.com/article/CTX228867",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX228867"
},
{
"name" : "DSA-4050",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4050"
},
{
"name" : "GLSA-201801-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201801-14"
},
{
"name" : "1039568",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039568"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (memory leak) because reference counts are mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"
},
{
"name": "[debian-lts-announce] 20171120 [SECURITY] [DLA 1181-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00027.html"
},
{
"name": "DSA-4050",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4050"
},
{
"name": "https://support.citrix.com/article/CTX228867",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX228867"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-242.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-242.html"
},
{
"name": "GLSA-201801-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-14"
},
{
"name": "1039568",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039568"
}
]
}
}

130
2017/15xxx/CVE-2017-15653.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"name" : "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180116 Multiple vulnerabilities in all versions of ASUS routers",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jan/63"
},
{
"name": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145921/ASUSWRT-3.0.0.4.382.18495-Session-Hijacking-Information-Disclosure.html"
}
]
}
}

120
2017/15xxx/CVE-2017-15769.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15769",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView 4.50 - 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dds file, related to \"Read Access Violation starting at FORMATS!ReadBLP_W+0x0000000000001b22.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15769",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IrfanView 4.50 - 64bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dds file, related to \"Read Access Violation starting at FORMATS!ReadBLP_W+0x0000000000001b22.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15769",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15769"
}
]
}
}

130
2017/15xxx/CVE-2017-15962.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iStock Management System 1.0 allows Arbitrary File Upload via user/profile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43097",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43097/"
},
{
"name" : "https://packetstormsecurity.com/files/144433/iStock-Management-System-1.0-Arbitrary-File-Upload.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/144433/iStock-Management-System-1.0-Arbitrary-File-Upload.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iStock Management System 1.0 allows Arbitrary File Upload via user/profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/144433/iStock-Management-System-1.0-Arbitrary-File-Upload.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/144433/iStock-Management-System-1.0-Arbitrary-File-Upload.html"
},
{
"name": "43097",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43097/"
}
]
}
}

130
2017/3xxx/CVE-2017-3009.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
},
{
"name" : "97302",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97302"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow vulnerability in the JPEG2000 parser. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97302"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
}
]
}
}

140
2017/3xxx/CVE-2017-3037.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
},
{
"name" : "97556",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97556"
},
{
"name" : "1038228",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038228",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"name": "97556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97556"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
}
]
}
}

170
2017/3xxx/CVE-2017-3262.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java SE",
"version" : {
"version_data" : [
{
"version_value" : "8u112"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java SE",
"version": {
"version_data": [
{
"version_value": "8u112"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20170119-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"name" : "GLSA-201701-65",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-65"
},
{
"name" : "RHSA-2017:0175",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
},
{
"name" : "95578",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95578"
},
{
"name" : "1037637",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037637"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201701-65",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-65"
},
{
"name": "1037637",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037637"
},
{
"name": "95578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95578"
},
{
"name": "RHSA-2017:0175",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

242
2017/3xxx/CVE-2017-3317.json
View File

@ -1,123 +1,123 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_value" : "5.5.53 and earlier"
},
{
"version_value" : "5.6.34 and earlier"
},
{
"version_value" : "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_value": "5.5.53 and earlier"
},
{
"version_value": "5.6.34 and earlier"
},
{
"version_value": "5.7.16 and earlier"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "DSA-3767",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3767"
},
{
"name" : "DSA-3770",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3770"
},
{
"name" : "GLSA-201702-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-17"
},
{
"name" : "GLSA-201702-18",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-18"
},
{
"name" : "RHSA-2017:2886",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name" : "RHSA-2017:2787",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name" : "RHSA-2017:2192",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2192"
},
{
"name" : "RHSA-2018:0279",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name" : "RHSA-2018:0574",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name" : "95585",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95585"
},
{
"name" : "1037640",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037640"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2787",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2787"
},
{
"name": "GLSA-201702-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-17"
},
{
"name": "RHSA-2018:0574",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0574"
},
{
"name": "GLSA-201702-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-18"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "95585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95585"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "DSA-3767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3767"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "DSA-3770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3770"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}

180
2017/3xxx/CVE-2017-3347.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Marketing",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.1.1"
},
{
"version_affected" : "=",
"version_value" : "12.1.2"
},
{
"version_affected" : "=",
"version_value" : "12.1.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.4"
},
{
"version_affected" : "=",
"version_value" : "12.2.5"
},
{
"version_affected" : "=",
"version_value" : "12.2.6"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Marketing",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.2"
},
{
"version_affected": "=",
"version_value": "12.1.3"
},
{
"version_affected": "=",
"version_value": "12.2.3"
},
{
"version_affected": "=",
"version_value": "12.2.4"
},
{
"version_affected": "=",
"version_value": "12.2.5"
},
{
"version_affected": "=",
"version_value": "12.2.6"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "98060",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98060"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "98060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98060"
}
]
}
}

122
2017/8xxx/CVE-2017-8153.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VMall (for Android)",
"version" : {
"version_data" : [
{
"version_value" : "The versions before VMall 1.5.8.5"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMall (for Android)",
"version": {
"version_data": [
{
"version_value": "The versions before VMall 1.5.8.5"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei VMall (for Android) with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access permission. Successful exploit could lead to resource occupation or information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170901-01-smartphone-en"
}
]
}
}

130
2017/8xxx/CVE-2017-8278.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-8278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "100658",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100658"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "100658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100658"
}
]
}
}

150
2017/8xxx/CVE-2017-8477.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8477",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Windows",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Windows",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42230",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42230/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8477",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8477"
},
{
"name" : "98854",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98854"
},
{
"name" : "1038659",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98854"
},
{
"name": "1038659",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038659"
},
{
"name": "42230",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42230/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8477",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8477"
}
]
}
}

130
2017/8xxx/CVE-2017-8513.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8513",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft PowerPoint",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft PowerPoint 2007 Service Pack 3 and Microsoft SharePoint Server 2007 Service Pack 3."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8513",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft PowerPoint",
"version": {
"version_data": [
{
"version_value": "Microsoft PowerPoint 2007 Service Pack 3 and Microsoft SharePoint Server 2007 Service Pack 3."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513"
},
{
"name" : "98830",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98830"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98830"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8513"
}
]
}
}

140
2017/8xxx/CVE-2017-8810.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@debian.org",
"ID" : "CVE-2017-8810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
"version" : {
"version_data" : [
{
"version_value" : "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "information leak because of response discrepancy"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2017-8810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2",
"version": {
"version_data": [
{
"version_value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html",
"refsource" : "CONFIRM",
"url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
},
{
"name" : "DSA-4036",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4036"
},
{
"name" : "1039812",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039812"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leak because of response discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039812",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039812"
},
{
"name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html",
"refsource": "CONFIRM",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html"
},
{
"name": "DSA-4036",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4036"
}
]
}
}

132
2017/8xxx/CVE-2017-8977.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2018-01-03T00:00:00",
"ID" : "CVE-2017-8977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moonshot Provisioning Manager Appliance",
"version" : {
"version_data" : [
{
"version_value" : "v1.20"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2017-8977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moonshot Provisioning Manager Appliance",
"version": {
"version_data": [
{
"version_value": "v1.20"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us"
},
{
"name" : "102410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102410"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Denial of Service vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03803en_us"
},
{
"name": "102410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102410"
}
]
}
}

122
2017/8xxx/CVE-2017-8985.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2018-02-09T00:00:00",
"ID" : "CVE-2017-8985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "XP Storage using HGLM",
"version" : {
"version_data" : [
{
"version_value" : "6.3.0-00 to 8.5.2-00"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Local Authentication Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2018-02-09T00:00:00",
"ID": "CVE-2017-8985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XP Storage using HGLM",
"version": {
"version_data": [
{
"version_value": "6.3.0-00 to 8.5.2-00"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03819en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03819en_us"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local authenticated information disclosure vulnerability in HGLM version HGLM 6.3.0-00 to 8.5.2-00."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03819en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03819en_us"
}
]
}
}

34
2018/12xxx/CVE-2018-12008.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12008",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12008",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/12xxx/CVE-2018-12067.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://peckshield.com/2018/06/11/tradeTrap/",
"refsource" : "MISC",
"url" : "https://peckshield.com/2018/06/11/tradeTrap/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sell function of a smart contract implementation for Substratum (SUB), a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument amount and a manipulable variable sellPrice, aka the \"tradeTrap\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://peckshield.com/2018/06/11/tradeTrap/",
"refsource": "MISC",
"url": "https://peckshield.com/2018/06/11/tradeTrap/"
}
]
}
}

34
2018/12xxx/CVE-2018-12107.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12107",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12107",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/12xxx/CVE-2018-12152.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2018-10-09T00:00:00",
"ID" : "CVE-2018-12152",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel Graphics Driver",
"version" : {
"version_data" : [
{
"version_value" : "Various"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-10-09T00:00:00",
"ID": "CVE-2018-12152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Graphics Driver",
"version": {
"version_data": [
{
"version_value": "Various"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
},
{
"name" : "105582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105582"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105582"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html"
}
]
}
}

34
2018/12xxx/CVE-2018-12425.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12425",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12425",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2018/12xxx/CVE-2018-12617.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44925",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44925/"
},
{
"name" : "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html"
},
{
"name" : "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6",
"refsource" : "MISC",
"url" : "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6"
},
{
"name" : "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html",
"refsource" : "MISC",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html"
},
{
"name" : "USN-3826-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3826-1/"
},
{
"name" : "104531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190228 [SECURITY] [DLA 1694-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00041.html"
},
{
"name": "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6",
"refsource": "MISC",
"url": "https://gist.github.com/fakhrizulkifli/c7740d28efa07dafee66d4da5d857ef6"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html",
"refsource": "MISC",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03385.html"
},
{
"name": "104531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104531"
},
{
"name": "44925",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44925/"
}
]
}
}

130
2018/12xxx/CVE-2018-12678.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12678",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/portainer/portainer/pull/1979",
"refsource" : "CONFIRM",
"url" : "https://github.com/portainer/portainer/pull/1979"
},
{
"name" : "https://github.com/portainer/portainer/releases/tag/1.18.0",
"refsource" : "CONFIRM",
"url" : "https://github.com/portainer/portainer/releases/tag/1.18.0"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/portainer/portainer/pull/1979",
"refsource": "CONFIRM",
"url": "https://github.com/portainer/portainer/pull/1979"
},
{
"name": "https://github.com/portainer/portainer/releases/tag/1.18.0",
"refsource": "CONFIRM",
"url": "https://github.com/portainer/portainer/releases/tag/1.18.0"
}
]
}
}

34
2018/13xxx/CVE-2018-13120.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13120",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13120",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/13xxx/CVE-2018-13212.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sell function of a smart contract implementation for EthereumLegit, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EthereumLegit"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
}
]
}
}

120
2018/13xxx/CVE-2018-13328.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/safecomet/EtherTokens/blob/master/PFGc%20(PFGc)/PFGc%20(PFGc).md",
"refsource" : "MISC",
"url" : "https://github.com/safecomet/EtherTokens/blob/master/PFGc%20(PFGc)/PFGc%20(PFGc).md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The transfer, transferFrom, and mint functions of a smart contract implementation for PFGc, an Ethereum token, have an integer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/safecomet/EtherTokens/blob/master/PFGc%20(PFGc)/PFGc%20(PFGc).md",
"refsource": "MISC",
"url": "https://github.com/safecomet/EtherTokens/blob/master/PFGc%20(PFGc)/PFGc%20(PFGc).md"
}
]
}
}

130
2018/13xxx/CVE-2018-13470.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BuyerToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BuyerToken"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for BuyerToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BuyerToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BuyerToken"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

130
2018/13xxx/CVE-2018-13509.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IamRich",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IamRich"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for IamRich, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IamRich",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/IamRich"
}
]
}
}

130
2018/13xxx/CVE-2018-13691.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for R Time Token v3 (RS) (Contract Name: RTokenMain), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RTokenMain"
}
]
}
}

34
2018/13xxx/CVE-2018-13841.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13841",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13841",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/16xxx/CVE-2018-16033.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-16033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-16033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106162"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106162"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

130
2018/16xxx/CVE-2018-16035.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-16035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-16035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106162"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106162"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

150
2018/16xxx/CVE-2018-16429.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b",
"refsource" : "MISC",
"url" : "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b"
},
{
"name" : "https://gitlab.gnome.org/GNOME/glib/issues/1361",
"refsource" : "MISC",
"url" : "https://gitlab.gnome.org/GNOME/glib/issues/1361"
},
{
"name" : "USN-3767-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3767-1/"
},
{
"name" : "USN-3767-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3767-2/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.gnome.org/GNOME/glib/issues/1361",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/issues/1361"
},
{
"name": "USN-3767-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3767-1/"
},
{
"name": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b",
"refsource": "MISC",
"url": "https://gitlab.gnome.org/GNOME/glib/commit/cec71705406f0b2790422f0c1aa0ff3b4b464b1b"
},
{
"name": "USN-3767-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3767-2/"
}
]
}
}

120
2018/16xxx/CVE-2018-16483.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2018-16483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "express-cart",
"version" : {
"version_data" : [
{
"version_value" : ">=1.1.6"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation (CAPEC-233)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-16483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "express-cart",
"version": {
"version_data": [
{
"version_value": ">=1.1.6"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/343626",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/343626"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation (CAPEC-233)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/343626",
"refsource": "MISC",
"url": "https://hackerone.com/reports/343626"
}
]
}
}

170
2018/16xxx/CVE-2018-16884.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-16884",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "kernel:",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel:",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
},
{
"name" : "https://patchwork.kernel.org/cover/10733767/",
"refsource" : "CONFIRM",
"url" : "https://patchwork.kernel.org/cover/10733767/"
},
{
"name" : "https://patchwork.kernel.org/patch/10733769/",
"refsource" : "CONFIRM",
"url" : "https://patchwork.kernel.org/patch/10733769/"
},
{
"name" : "106253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106253"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884"
},
{
"name": "106253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106253"
},
{
"name": "https://patchwork.kernel.org/patch/10733769/",
"refsource": "CONFIRM",
"url": "https://patchwork.kernel.org/patch/10733769/"
},
{
"name": "https://patchwork.kernel.org/cover/10733767/",
"refsource": "CONFIRM",
"url": "https://patchwork.kernel.org/cover/10733767/"
}
]
}
}

160
2018/17xxx/CVE-2018-17204.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17204",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde",
"refsource" : "MISC",
"url" : "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde"
},
{
"name" : "RHSA-2018:3500",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"name" : "RHSA-2019:0053",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name" : "RHSA-2019:0081",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0081"
},
{
"name" : "USN-3873-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3873-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2019:0053",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0053"
},
{
"name": "USN-3873-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"name": "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde",
"refsource": "MISC",
"url": "https://github.com/openvswitch/ovs/commit/4af6da3b275b764b1afe194df6499b33d2bf4cde"
},
{
"name": "RHSA-2019:0081",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
}
]
}
}

130
2018/17xxx/CVE-2018-17317.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.51cto.com/010bjsoft/2175710",
"refsource" : "MISC",
"url" : "http://blog.51cto.com/010bjsoft/2175710"
},
{
"name" : "https://github.com/PatatasFritas/PatataWifi/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/PatatasFritas/PatataWifi/issues/1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or domain parameter to /www/script/config_iface.php, or the newSSID, hostapd_secure, hostapd_wpa_passphrase, or supplicant_ssid parameter to /www/page_config.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/PatatasFritas/PatataWifi/issues/1",
"refsource": "MISC",
"url": "https://github.com/PatatasFritas/PatataWifi/issues/1"
},
{
"name": "http://blog.51cto.com/010bjsoft/2175710",
"refsource": "MISC",
"url": "http://blog.51cto.com/010bjsoft/2175710"
}
]
}
}

34
2018/17xxx/CVE-2018-17351.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17351",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17351",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/17xxx/CVE-2018-17575.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lab.insightsecurity.com.br/swa-sistemas-academicos-cve/",
"refsource" : "MISC",
"url" : "https://lab.insightsecurity.com.br/swa-sistemas-academicos-cve/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SWA SWA.JACAD 3.1.37 Build 024 has SQL Injection via the /academico/aluno/esqueci-minha-senha/ studentId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lab.insightsecurity.com.br/swa-sistemas-academicos-cve/",
"refsource": "MISC",
"url": "https://lab.insightsecurity.com.br/swa-sistemas-academicos-cve/"
}
]
}
}

130
2018/17xxx/CVE-2018-17630.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.1.0.5096"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openPlayer method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6616."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-17630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.1.0.5096"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1158/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1158/"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the openPlayer method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6616."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1158/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1158/"
}
]
}
}

130
2018/17xxx/CVE-2018-17699.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.2.0.9297"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7073."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125: Out-of-bounds Read"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-17699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Reader",
"version": {
"version_data": [
{
"version_value": "9.2.0.9297"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1213/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1213/"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7073."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1213/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1213/"
}
]
}
}