admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:18:46 +00:00
parent 04e2aabd86
commit a0319c85c6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3524 additions and 3524 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2002/0xxx/CVE-2002-0687.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"through the web code\" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert",
"refsource" : "CONFIRM",
"url" : "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert"
},
{
"name" : "RHSA-2002:060",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-060.html"
},
{
"name" : "5813",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5813"
},
{
"name" : "zope-inject-headers-dos(9621)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9621.php"
},
{
"name" : "5166",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5166"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"through the web code\" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5813"
},
{
"name": "RHSA-2002:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
},
{
"name": "5166",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5166"
},
{
"name": "zope-inject-headers-dos(9621)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9621.php"
},
{
"name": "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert",
"refsource": "CONFIRM",
"url": "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert"
}
]
}
}

150
2002/0xxx/CVE-2002-0703.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2002:081",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2002-081.html"
},
{
"name" : "MDKSA-2002:035",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php"
},
{
"name" : "linux-utf8-incorrect-md5(9051)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9051.php"
},
{
"name" : "4716",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4716"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:081",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-081.html"
},
{
"name": "linux-utf8-incorrect-md5(9051)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9051.php"
},
{
"name": "MDKSA-2002:035",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php"
},
{
"name": "4716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4716"
}
]
}
}

140
2002/0xxx/CVE-2002-0771.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0771",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020518 cross-site scripting bug of ViewCVS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0161.html"
},
{
"name" : "viewcvs-css(9112)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9112.php"
},
{
"name" : "4818",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4818"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "viewcvs-css(9112)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9112.php"
},
{
"name": "20020518 cross-site scripting bug of ViewCVS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0161.html"
},
{
"name": "4818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4818"
}
]
}
}

140
2002/0xxx/CVE-2002-0786.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020510 [VulnWatch] Two (2) Critical Path inJoin V4.0 Directory Server Issues",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.html"
},
{
"name" : "4718",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4718"
},
{
"name" : "injoin-admin-interface-view-files(9054)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9054.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020510 [VulnWatch] Two (2) Critical Path inJoin V4.0 Directory Server Issues",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0068.html"
},
{
"name": "injoin-admin-interface-view-files(9054)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9054.php"
},
{
"name": "4718",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4718"
}
]
}
}

120
2002/0xxx/CVE-2002-0880.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) \"jolt\", (2) \"jolt2\", (3) \"raped\", (4) \"hping2\", (5) \"bloop\", (6) \"bubonic\", (7) \"mutant\", (8) \"trash\", and (9) \"trash2.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020522 Multiple Vulnerabilities in Cisco IP Telephones",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) \"jolt\", (2) \"jolt2\", (3) \"raped\", (4) \"hping2\", (5) \"bloop\", (6) \"bubonic\", (7) \"mutant\", (8) \"trash\", and (9) \"trash2.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020522 Multiple Vulnerabilities in Cisco IP Telephones",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml"
}
]
}
}

150
2002/1xxx/CVE-2002-1029.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020704 Worldspan DoS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0048.html"
},
{
"name" : "14478",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/14478"
},
{
"name" : "worldspan-res-manager-dos(9490)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9490.php"
},
{
"name" : "5169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5169"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Res Manager in Worldspan for Windows Gateway 4.1 allows remote attackers to cause a denial of service (crash) via a malformed request to TCP port 17990."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14478",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14478"
},
{
"name": "5169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5169"
},
{
"name": "worldspan-res-manager-dos(9490)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9490.php"
},
{
"name": "20020704 Worldspan DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0048.html"
}
]
}
}

200
2002/1xxx/CVE-2002-1061.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1061",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html"
},
{
"name" : "jana-pop3-logging-bo(9685)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9685.php"
},
{
"name" : "jana-smtp-logging-bo(9686)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9686.php"
},
{
"name" : "5320",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5320"
},
{
"name" : "5322",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5322"
},
{
"name" : "jana-http-proxy-bo(9683)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9683.php"
},
{
"name" : "5324",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5324"
},
{
"name" : "5319",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5319"
},
{
"name" : "jana-http-logging-bo(9682)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9682.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) a long SMTP server response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5322",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5322"
},
{
"name": "20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html"
},
{
"name": "jana-http-logging-bo(9682)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9682.php"
},
{
"name": "5324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5324"
},
{
"name": "jana-smtp-logging-bo(9686)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9686.php"
},
{
"name": "jana-pop3-logging-bo(9685)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9685.php"
},
{
"name": "jana-http-proxy-bo(9683)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9683.php"
},
{
"name": "5320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5320"
},
{
"name": "5319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5319"
}
]
}
}

170
2002/1xxx/CVE-2002-1179.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1179",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long \"From\" address, which triggers the overflow when the user views or previews the message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=103429637822920&w=2"
},
{
"name" : "20021010 Re: Problems applying MS02-058",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=103429681123297&w=2"
},
{
"name" : "20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103435413105661&w=2"
},
{
"name" : "MS02-058",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-058"
},
{
"name" : "outlook-smime-bo(10338)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10338.php"
},
{
"name" : "5944",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5944"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long \"From\" address, which triggers the overflow when the user views or previews the message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS02-058",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-058"
},
{
"name": "5944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5944"
},
{
"name": "20021010 Re: Problems applying MS02-058",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=103429681123297&w=2"
},
{
"name": "20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=103429637822920&w=2"
},
{
"name": "20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103435413105661&w=2"
},
{
"name": "outlook-smime-bo(10338)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10338.php"
}
]
}
}

170
2002/1xxx/CVE-2002-1345.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103962838628940&w=2"
},
{
"name" : "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name" : "20021205-01-A",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name" : "VU#210409",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/210409"
},
{
"name" : "6360",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6360"
},
{
"name" : "ftp-client-filename-traversal(10821)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10821.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "VU#210409",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/210409"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103962838628940&w=2"
},
{
"name": "20021205-01-A",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021205-01-A"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "ftp-client-filename-traversal(10821)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10821.php"
}
]
}
}

260
2003/0xxx/CVE-2003-0086.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0086",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
},
{
"name" : "APPLE-SA-2003-03-24",
"refsource" : "APPLE",
"url" : "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
},
{
"name" : "DSA-262",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-262"
},
{
"name" : "GLSA-200303-11",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml"
},
{
"name" : "MDKSA-2003:032",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:032"
},
{
"name" : "RHSA-2003:095",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-095.html"
},
{
"name" : "RHSA-2003:096",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-096.html"
},
{
"name" : "SuSE-SA:2003:016",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2003_016_samba.html"
},
{
"name" : "20030302-01-I",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I"
},
{
"name" : "20030317 GLSA: samba (200303-11)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104792646416629&w=2"
},
{
"name" : "20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104801012929374&w=2"
},
{
"name" : "7107",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7107"
},
{
"name" : "oval:org.mitre.oval:def:554",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A554"
},
{
"name" : "8299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8299"
},
{
"name" : "8303",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8303"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:554",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A554"
},
{
"name": "20030317 GLSA: samba (200303-11)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104792646416629&w=2"
},
{
"name": "GLSA-200303-11",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml"
},
{
"name": "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
},
{
"name": "APPLE-SA-2003-03-24",
"refsource": "APPLE",
"url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded"
},
{
"name": "RHSA-2003:096",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-096.html"
},
{
"name": "7107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7107"
},
{
"name": "20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104801012929374&w=2"
},
{
"name": "RHSA-2003:095",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-095.html"
},
{
"name": "SuSE-SA:2003:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_016_samba.html"
},
{
"name": "MDKSA-2003:032",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:032"
},
{
"name": "DSA-262",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-262"
},
{
"name": "8303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8303"
},
{
"name": "20030302-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I"
},
{
"name": "8299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8299"
}
]
}
}

130
2003/0xxx/CVE-2003-0385.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030605 BAZARR LOCAL ROOT AGAIN. HI GUYS. DONT READ THIS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105491469815197&w=2"
},
{
"name" : "DSA-310",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-310",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-310"
},
{
"name": "20030605 BAZARR LOCAL ROOT AGAIN. HI GUYS. DONT READ THIS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105491469815197&w=2"
}
]
}
}

230
2003/0xxx/CVE-2003-0818.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107643836125615&w=2"
},
{
"name" : "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=107650972617367&w=2"
},
{
"name" : "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107643892224825&w=2"
},
{
"name" : "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=107650972723080&w=2"
},
{
"name" : "MS04-007",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007"
},
{
"name" : "TA04-041A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-041A.html"
},
{
"name" : "VU#216324",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/216324"
},
{
"name" : "VU#583108",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/583108"
},
{
"name" : "oval:org.mitre.oval:def:653",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653"
},
{
"name" : "oval:org.mitre.oval:def:796",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796"
},
{
"name" : "oval:org.mitre.oval:def:797",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797"
},
{
"name" : "oval:org.mitre.oval:def:799",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#583108",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/583108"
},
{
"name": "TA04-041A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-041A.html"
},
{
"name": "oval:org.mitre.oval:def:653",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653"
},
{
"name": "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107643836125615&w=2"
},
{
"name": "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107643892224825&w=2"
},
{
"name": "oval:org.mitre.oval:def:799",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799"
},
{
"name": "oval:org.mitre.oval:def:796",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796"
},
{
"name": "VU#216324",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/216324"
},
{
"name": "MS04-007",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007"
},
{
"name": "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=107650972723080&w=2"
},
{
"name": "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=107650972617367&w=2"
},
{
"name": "oval:org.mitre.oval:def:797",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797"
}
]
}
}

180
2003/1xxx/CVE-2003-1172.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=23949",
"refsource" : "CONFIRM",
"url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=23949"
},
{
"name" : "http://www.securiteam.com/securitynews/6W00L0U8KC.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/securitynews/6W00L0U8KC.html"
},
{
"name" : "8883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8883"
},
{
"name" : "2749",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/2749"
},
{
"name" : "1007993",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1007993"
},
{
"name" : "10064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10064"
},
{
"name" : "apachecocoon-directory-traversal-bootini(13499)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13499"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apachecocoon-directory-traversal-bootini(13499)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13499"
},
{
"name": "http://www.securiteam.com/securitynews/6W00L0U8KC.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securitynews/6W00L0U8KC.html"
},
{
"name": "8883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8883"
},
{
"name": "10064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10064"
},
{
"name": "2749",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2749"
},
{
"name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=23949",
"refsource": "CONFIRM",
"url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=23949"
},
{
"name": "1007993",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007993"
}
]
}
}

160
2003/1xxx/CVE-2003-1372.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030219 myphpnuke xss",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html"
},
{
"name" : "6892",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6892"
},
{
"name" : "3931",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3931"
},
{
"name" : "8125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8125"
},
{
"name" : "phpbb-index-sql-injection(11376)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-index-sql-injection(11376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376"
},
{
"name": "8125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8125"
},
{
"name": "6892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6892"
},
{
"name": "3931",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3931"
},
{
"name": "20030219 myphpnuke xss",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html"
}
]
}
}

180
2012/0xxx/CVE-2012-0127.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-0127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02756",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/522101"
},
{
"name" : "SSRT100596",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/522101"
},
{
"name" : "52749",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52749"
},
{
"name" : "80657",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80657"
},
{
"name" : "1026869",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026869"
},
{
"name" : "48586",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48586"
},
{
"name" : "hp-performance-code-exec(74406)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74406"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hp-performance-code-exec(74406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74406"
},
{
"name": "48586",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48586"
},
{
"name": "80657",
"refsource": "OSVDB",
"url": "http://osvdb.org/80657"
},
{
"name": "52749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52749"
},
{
"name": "SSRT100596",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/522101"
},
{
"name": "HPSBMU02756",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/522101"
},
{
"name": "1026869",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026869"
}
]
}
}

150
2012/0xxx/CVE-2012-0569.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "oval:org.mitre.oval:def:19359",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19359"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:19359",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19359"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
}
]
}
}

130
2012/0xxx/CVE-2012-0693.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it \"says it affects V5.0.3, and the submitticket.php file, both of which are wrong.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oscommerceuniversity.com/lounge/index.php/board,23.0.html",
"refsource" : "MISC",
"url" : "http://www.oscommerceuniversity.com/lounge/index.php/board,23.0.html"
},
{
"name" : "http://www.oscommerceuniversity.com/lounge/index.php/topic,1209.0.html",
"refsource" : "MISC",
"url" : "http://www.oscommerceuniversity.com/lounge/index.php/topic,1209.0.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it \"says it affects V5.0.3, and the submitticket.php file, both of which are wrong.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oscommerceuniversity.com/lounge/index.php/board,23.0.html",
"refsource": "MISC",
"url": "http://www.oscommerceuniversity.com/lounge/index.php/board,23.0.html"
},
{
"name": "http://www.oscommerceuniversity.com/lounge/index.php/topic,1209.0.html",
"refsource": "MISC",
"url": "http://www.oscommerceuniversity.com/lounge/index.php/topic,1209.0.html"
}
]
}
}

160
2012/0xxx/CVE-2012-0730.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-0730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21592188",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21592188"
},
{
"name" : "53247",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53247"
},
{
"name" : "48967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48967"
},
{
"name" : "48968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48968"
},
{
"name" : "ae-multiple-csrf(74370)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48967"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
},
{
"name": "ae-multiple-csrf(74370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74370"
},
{
"name": "48968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48968"
},
{
"name": "53247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53247"
}
]
}
}

34
2012/1xxx/CVE-2012-1269.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1269",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1269",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2012/1xxx/CVE-2012-1390.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Miso (com.bazaarlabs.miso) application 2.2 for Android has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1390-vulnerability-in-Miso.html",
"refsource" : "MISC",
"url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1390-vulnerability-in-Miso.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Miso (com.bazaarlabs.miso) application 2.2 for Android has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1390-vulnerability-in-Miso.html",
"refsource": "MISC",
"url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1390-vulnerability-in-Miso.html"
}
]
}
}

240
2012/1xxx/CVE-2012-1600.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120328 CVE request: phppgadmin before 5.0.4 XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/28/11"
},
{
"name" : "[oss-security] 20120328 Re: CVE request: phppgadmin before 5.0.4 XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/29/6"
},
{
"name" : "[oss-security] 20120330 Re: CVE request: phppgadmin before 5.0.4 XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/30/7"
},
{
"name" : "http://sourceforge.net/p/phppgadmin/mailman/message/28783470/",
"refsource" : "MISC",
"url" : "http://sourceforge.net/p/phppgadmin/mailman/message/28783470/"
},
{
"name" : "http://www.postgresql.org/message-id/4F6B447C.6080204@dalibo.com",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/message-id/4F6B447C.6080204@dalibo.com"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=808439",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=808439"
},
{
"name" : "https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00",
"refsource" : "CONFIRM",
"url" : "https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00"
},
{
"name" : "https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0",
"refsource" : "CONFIRM",
"url" : "https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0"
},
{
"name" : "openSUSE-SU-2012:0493",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"name" : "52761",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52761"
},
{
"name" : "80870",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80870"
},
{
"name" : "48574",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48574"
},
{
"name" : "phppgadmin-function-xss(74440)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74440"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52761"
},
{
"name": "http://www.postgresql.org/message-id/4F6B447C.6080204@dalibo.com",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/message-id/4F6B447C.6080204@dalibo.com"
},
{
"name": "openSUSE-SU-2012:0493",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html"
},
{
"name": "[oss-security] 20120328 Re: CVE request: phppgadmin before 5.0.4 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/6"
},
{
"name": "https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00",
"refsource": "CONFIRM",
"url": "https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00"
},
{
"name": "https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0",
"refsource": "CONFIRM",
"url": "https://github.com/phppgadmin/phppgadmin/commit/e92a003624609a445c4cf57c9c3d1fcef0eae47c#diff-0"
},
{
"name": "[oss-security] 20120330 Re: CVE request: phppgadmin before 5.0.4 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/7"
},
{
"name": "48574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48574"
},
{
"name": "http://sourceforge.net/p/phppgadmin/mailman/message/28783470/",
"refsource": "MISC",
"url": "http://sourceforge.net/p/phppgadmin/mailman/message/28783470/"
},
{
"name": "phppgadmin-function-xss(74440)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74440"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=808439",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=808439"
},
{
"name": "[oss-security] 20120328 CVE request: phppgadmin before 5.0.4 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/28/11"
},
{
"name": "80870",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80870"
}
]
}
}

140
2012/1xxx/CVE-2012-1763.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1763",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Clinical/Remote Data Capture component in Oracle Industry Applications 4.6.0 and 4.6.2 allows remote authenticated users to affect confidentiality, related to HTML Surround."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "1027675",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027675"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Clinical/Remote Data Capture component in Oracle Industry Applications 4.6.0 and 4.6.2 allows remote authenticated users to affect confidentiality, related to HTML Surround."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "1027675",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027675"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

190
2012/3xxx/CVE-2012-3533.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3533",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120824 oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/24/6"
},
{
"name" : "[oss-security] 20120826 Re: oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/26/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=851672",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=851672"
},
{
"name" : "http://gerrit.ovirt.org/#/c/7209/",
"refsource" : "CONFIRM",
"url" : "http://gerrit.ovirt.org/#/c/7209/"
},
{
"name" : "http://gerrit.ovirt.org/#/c/7249/",
"refsource" : "CONFIRM",
"url" : "http://gerrit.ovirt.org/#/c/7249/"
},
{
"name" : "55208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55208"
},
{
"name" : "50409",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50409"
},
{
"name" : "ovirt-ssl-spoofing(77984)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77984"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55208"
},
{
"name": "[oss-security] 20120824 oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/24/6"
},
{
"name": "[oss-security] 20120826 Re: oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/26/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=851672",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=851672"
},
{
"name": "50409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50409"
},
{
"name": "ovirt-ssl-spoofing(77984)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77984"
},
{
"name": "http://gerrit.ovirt.org/#/c/7209/",
"refsource": "CONFIRM",
"url": "http://gerrit.ovirt.org/#/c/7209/"
},
{
"name": "http://gerrit.ovirt.org/#/c/7249/",
"refsource": "CONFIRM",
"url": "http://gerrit.ovirt.org/#/c/7249/"
}
]
}
}

130
2012/4xxx/CVE-2012-4046.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2012/Dec/98"
},
{
"name" : "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046",
"refsource" : "MISC",
"url" : "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR[\"P\"] value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046",
"refsource": "MISC",
"url": "http://www.fishnetsecurity.com/6labs/blog/password-disclosure-d-link-surveillance-cameras-cve-2012-4046"
},
{
"name": "20121213 Password Disclosure in D-Link IP Cameras (CVE-2012-4046)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Dec/98"
}
]
}
}

34
2012/4xxx/CVE-2012-4227.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4227",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4227",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/4xxx/CVE-2012-4309.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4309",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4309",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2012/4xxx/CVE-2012-4399.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120716 CakePHP 2.x-2.2.0-RC2 XXE Injection",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2012/Jul/101"
},
{
"name" : "19863",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/19863"
},
{
"name" : "[oss-security] 20120903 CVE-request: CakePHP XXE injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/03/1"
},
{
"name" : "[oss-security] 20120903 Re: CVE-request: CakePHP XXE injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/03/2"
},
{
"name" : "http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1",
"refsource" : "CONFIRM",
"url" : "http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1"
},
{
"name" : "84042",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/84042"
},
{
"name" : "49900",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49900"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49900"
},
{
"name": "20120716 CakePHP 2.x-2.2.0-RC2 XXE Injection",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Jul/101"
},
{
"name": "http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1",
"refsource": "CONFIRM",
"url": "http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1"
},
{
"name": "19863",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19863"
},
{
"name": "84042",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/84042"
},
{
"name": "[oss-security] 20120903 CVE-request: CakePHP XXE injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/03/1"
},
{
"name": "[oss-security] 20120903 Re: CVE-request: CakePHP XXE injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/03/2"
}
]
}
}

34
2012/4xxx/CVE-2012-4727.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4727",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4727",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/5xxx/CVE-2012-5981.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5981",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5981",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/2xxx/CVE-2017-2214.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AppCheck",
"version" : {
"version_data" : [
{
"version_value" : "prior to Version 2.0.1.15"
}
]
}
},
{
"product_name" : "AppCheck Pro",
"version" : {
"version_data" : [
{
"version_value" : "prior to Version 2.0.1.15"
}
]
}
}
]
},
"vendor_name" : "JIRANSOFT JAPAN, INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AppCheck",
"version": {
"version_data": [
{
"version_value": "prior to Version 2.0.1.15"
}
]
}
},
{
"product_name": "AppCheck Pro",
"version": {
"version_data": [
{
"version_value": "prior to Version 2.0.1.15"
}
]
}
}
]
},
"vendor_name": "JIRANSOFT JAPAN, INC."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#99737748",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN99737748/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99737748",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN99737748/index.html"
}
]
}
}

218
2017/2xxx/CVE-2017-2301.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"ID" : "CVE-2017-2301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS with DHCPv6 enabled",
"version" : {
"version_data" : [
{
"version_value" : "11.4 prior to 11.4R13-S3"
},
{
"version_value" : "12.1X46 prior to 12.1X46-D60"
},
{
"version_value" : "12.3 prior to 12.3R12-S2 or 12.3R13"
},
{
"version_value" : "12.3X48 prior to 12.3X48-D40"
},
{
"version_value" : "13.2X51 prior to 13.2X51-D40"
},
{
"version_value" : "13.3 prior to 13.3R10"
},
{
"version_value" : "14.1 prior to 14.1R8"
},
{
"version_value" : "14.1X53 prior to 14.1X53-D12 or 14.1X53-D35"
},
{
"version_value" : "14.1X55 prior to 14.1X55-D35"
},
{
"version_value" : "14.2 prior to 14.2R7"
},
{
"version_value" : "15.1 prior to 15.1F6 or 15.1R3"
},
{
"version_value" : "15.1X49 prior to 15.1X49-D60"
},
{
"version_value" : "15.1X53 prior to 15.1X53-D30"
},
{
"version_value" : "16.1R1 and all subsequent releases include a fix."
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts. Repeated crashes of the jdhcpd process may constitute an extended denial of service condition for subscribers attempting to obtain IPv6 addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "jdhcpd daemon crash denial of service vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS with DHCPv6 enabled",
"version": {
"version_data": [
{
"version_value": "11.4 prior to 11.4R13-S3"
},
{
"version_value": "12.1X46 prior to 12.1X46-D60"
},
{
"version_value": "12.3 prior to 12.3R12-S2 or 12.3R13"
},
{
"version_value": "12.3X48 prior to 12.3X48-D40"
},
{
"version_value": "13.2X51 prior to 13.2X51-D40"
},
{
"version_value": "13.3 prior to 13.3R10"
},
{
"version_value": "14.1 prior to 14.1R8"
},
{
"version_value": "14.1X53 prior to 14.1X53-D12 or 14.1X53-D35"
},
{
"version_value": "14.1X55 prior to 14.1X55-D35"
},
{
"version_value": "14.2 prior to 14.2R7"
},
{
"version_value": "15.1 prior to 15.1F6 or 15.1R3"
},
{
"version_value": "15.1X49 prior to 15.1X49-D60"
},
{
"version_value": "15.1X53 prior to 15.1X53-D30"
},
{
"version_value": "16.1R1 and all subsequent releases include a fix."
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10769",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10769"
},
{
"name" : "95396",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95396"
},
{
"name" : "1037596",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D12 or 14.1X53-D35, 14.1X55 prior to 14.1X55-D35, 14.2 prior to 14.2R7, 15.1 prior to 15.1F6 or 15.1R3, 15.1X49 prior to 15.1X49-D60, 15.1X53 prior to 15.1X53-D30 and DHCPv6 enabled, when a crafted DHCPv6 packet is received from a subscriber, jdhcpd daemon crashes and restarts. Repeated crashes of the jdhcpd process may constitute an extended denial of service condition for subscribers attempting to obtain IPv6 addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "jdhcpd daemon crash denial of service vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95396"
},
{
"name": "1037596",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037596"
},
{
"name": "https://kb.juniper.net/JSA10769",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10769"
}
]
}
}

176
2017/2xxx/CVE-2017-2604.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2017-2604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "jenkins",
"version" : {
"version_data" : [
{
"version_value" : "jenkins 2.44"
},
{
"version_value" : "jenkins 2.32.2"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371)."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-358"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jenkins",
"version": {
"version_data": [
{
"version_value": "jenkins 2.44"
},
{
"version_value": "jenkins 2.32.2"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604"
},
{
"name" : "https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8",
"refsource" : "CONFIRM",
"url" : "https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8"
},
{
"name" : "https://jenkins.io/security/advisory/2017-02-01/",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2017-02-01/"
},
{
"name" : "95959",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Jenkins before versions 2.44, 2.32.2 low privilege users were able to act on administrative monitors due to them not being consistently protected by permission checks (SECURITY-371)."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-358"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2017-02-01/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-02-01/"
},
{
"name": "95959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95959"
},
{
"name": "https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8",
"refsource": "CONFIRM",
"url": "https://github.com/jenkinsci/jenkins/commit/6efcf6c2ac39bc5c59ac7251822be8ddf67ceaf8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2604"
}
]
}
}

130
2017/3xxx/CVE-2017-3010.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3010",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
},
{
"name" : "97306",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97306"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the rendering engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97306"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
}
]
}
}

34
2017/3xxx/CVE-2017-3174.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3174",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3174",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/3xxx/CVE-2017-3959.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3959",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3959",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/6xxx/CVE-2017-6240.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6240",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6240",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2017/7xxx/CVE-2017-7089.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208112",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208112"
},
{
"name" : "https://support.apple.com/HT208116",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208116"
},
{
"name" : "https://support.apple.com/HT208142",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208142"
},
{
"name" : "100893",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100893"
},
{
"name" : "1039384",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039384"
},
{
"name" : "1039385",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039385"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039384",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039384"
},
{
"name": "https://support.apple.com/HT208142",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208142"
},
{
"name": "1039385",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039385"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "100893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100893"
},
{
"name": "https://support.apple.com/HT208116",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208116"
}
]
}
}

120
2017/7xxx/CVE-2017-7155.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7155",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208331",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208331"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208331"
}
]
}
}

160
2017/7xxx/CVE-2017-7519.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2017-7519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ceph",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "2.3/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-134"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7519",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7519"
},
{
"name" : "DSA-4339",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4339"
},
{
"name" : "99075",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99075"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ceph, a format string flaw was found in the way libradosstriper parses input from user. A user could crash an application or service using the libradosstriper library."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "2.3/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-134"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99075"
},
{
"name": "DSA-4339",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7519",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7519"
}
]
}
}

130
2017/7xxx/CVE-2017-7686.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2017-7686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Ignite",
"version" : {
"version_data" : [
{
"version_value" : "1.0.0-RC3 to 2.0"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2017-7686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Ignite",
"version": {
"version_data": [
{
"version_value": "1.0.0-RC3 to 2.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html",
"refsource" : "CONFIRM",
"url" : "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html"
},
{
"name" : "99292",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99292"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99292"
},
{
"name": "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html",
"refsource": "CONFIRM",
"url": "http://apache-ignite-developers.2346864.n4.nabble.com/CVE-2017-7686-Apache-Ignite-Information-Disclosure-td19168.html"
}
]
}
}

120
2018/10xxx/CVE-2018-10048.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iScripts eSwap v2.4 has CSRF via \"registration_settings.php\" in the Admin Panel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pastebin.com/RVdpLAT8",
"refsource" : "MISC",
"url" : "https://pastebin.com/RVdpLAT8"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts eSwap v2.4 has CSRF via \"registration_settings.php\" in the Admin Panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/RVdpLAT8",
"refsource": "MISC",
"url": "https://pastebin.com/RVdpLAT8"
}
]
}
}

130
2018/10xxx/CVE-2018-10303.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://srcincite.io/advisories/src-2018-0020/",
"refsource" : "MISC",
"url" : "https://srcincite.io/advisories/src-2018-0020/"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://srcincite.io/advisories/src-2018-0020/",
"refsource": "MISC",
"url": "https://srcincite.io/advisories/src-2018-0020/"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

142
2018/10xxx/CVE-2018-10609.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-05-22T00:00:00",
"ID" : "CVE-2018-10609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TELEM-GW6/GWM",
"version" : {
"version_data" : [
{
"version_value" : "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
}
]
},
"vendor_name" : "Martem"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-22T00:00:00",
"ID": "CVE-2018-10609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TELEM-GW6/GWM",
"version": {
"version_data": [
{
"version_value": "2018.04.18-linux_4-01-601cb47 and prior"
}
]
}
}
]
},
"vendor_name": "Martem"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"name" : "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf",
"refsource" : "CONFIRM",
"url" : "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf"
},
{
"name" : "104286",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104286"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01"
},
{
"name": "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf",
"refsource": "CONFIRM",
"url": "http://martem.eu/csa/Martem_CSA_Telem_1805181.pdf"
},
{
"name": "104286",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104286"
}
]
}
}

130
2018/10xxx/CVE-2018-10780.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1575201",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1575201"
},
{
"name" : "GLSA-201811-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-14"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based buffer over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201811-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-14"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1575201",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575201"
}
]
}
}

120
2018/14xxx/CVE-2018-14069.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/martinzhou2015/SRCMS/issues/20",
"refsource" : "MISC",
"url" : "https://github.com/martinzhou2015/SRCMS/issues/20"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/martinzhou2015/SRCMS/issues/20",
"refsource": "MISC",
"url": "https://github.com/martinzhou2015/SRCMS/issues/20"
}
]
}
}

130
2018/14xxx/CVE-2018-14270.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14270",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6033."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-730",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-730"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeDataObject method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6033."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-730",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-730"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

130
2018/14xxx/CVE-2018-14549.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/fouzhe/security/tree/master/libwav#segv-in-function-wav_write-in-libwavc",
"refsource" : "MISC",
"url" : "https://github.com/fouzhe/security/tree/master/libwav#segv-in-function-wav_write-in-libwavc"
},
{
"name" : "https://github.com/marc-q/libwav/issues/23",
"refsource" : "MISC",
"url" : "https://github.com/marc-q/libwav/issues/23"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fouzhe/security/tree/master/libwav#segv-in-function-wav_write-in-libwavc",
"refsource": "MISC",
"url": "https://github.com/fouzhe/security/tree/master/libwav#segv-in-function-wav_write-in-libwavc"
},
{
"name": "https://github.com/marc-q/libwav/issues/23",
"refsource": "MISC",
"url": "https://github.com/marc-q/libwav/issues/23"
}
]
}
}

120
2018/14xxx/CVE-2018-14689.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14689",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Subsonic 6.1.1. The transcoding settings are affected by five stored cross-site scripting vulnerabilities in the name[x], sourceformats[x], targetFormat[x], step1[x], and step2[x] parameters (where x is an integer) to transcodingSettings.view that could be used to steal session information of a victim."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/"
}
]
}
}

120
2018/17xxx/CVE-2018-17140.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45307",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45307/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45307",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45307/"
}
]
}
}

120
2018/17xxx/CVE-2018-17233.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero",
"refsource" : "MISC",
"url" : "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero",
"refsource": "MISC",
"url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero"
}
]
}
}

34
2018/17xxx/CVE-2018-17279.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17279",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17279",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

34
2018/17xxx/CVE-2018-17327.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17327",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17327",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/20xxx/CVE-2018-20198.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20198",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/knik0/faad2/issues/23",
"refsource" : "MISC",
"url" : "https://github.com/knik0/faad2/issues/23"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service because adding to windowed output is mishandled in the LONG_START_SEQUENCE case."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/knik0/faad2/issues/23",
"refsource": "MISC",
"url": "https://github.com/knik0/faad2/issues/23"
}
]
}
}

34
2018/9xxx/CVE-2018-9088.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9088",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9088",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9678.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9678",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9678",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9754.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9754",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9754",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}