admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:27:15 +00:00
parent 43c420d2fb
commit a56dc48ce3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3719 additions and 3719 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
2002/0xxx/CVE-2002-0306.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0306",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020221 \"Cthulhu xhAze\" - Command execution in Ans.pl",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101430868616112&w=2"
},
{
"name" : "4149",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4149"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4149"
},
{
"name": "20020221 \"Cthulhu xhAze\" - Command execution in Ans.pl",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101430868616112&w=2"
}
]
}
}

138
2002/0xxx/CVE-2002-0471.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020318 PHP Net Toolpack: input validation error",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2002/Mar/0263.html"
},
{
"name" : "4303",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4303"
},
{
"name" : "phpnettoolpack-traceroute-command-execution(8482)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8482.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020318 PHP Net Toolpack: input validation error",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2002/Mar/0263.html"
},
{
"name": "phpnettoolpack-traceroute-command-execution(8482)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8482.php"
},
{
"name": "4303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4303"
}
]
}
}

128
2002/2xxx/CVE-2002-2038.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4913",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4913"
},
{
"name" : "ngpt-shared-memory-dos(9255)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9255.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ngpt-shared-memory-dos(9255)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9255.php"
},
{
"name": "4913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4913"
}
]
}
}

138
2002/2xxx/CVE-2002-2233.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via \"@\" (at) characters in a CD (CWD) command, such as (1) \"@/....\\\", (2) \"@@@/..c:\\\", or (3) \"@/..@/..\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021219 Multiple vulnerability in Enceladus Server",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0193.html"
},
{
"name" : "enceladus-cd-dos(11020)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11020"
},
{
"name" : "enceladus-cd-directory-traversal(11019)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11019"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via \"@\" (at) characters in a CD (CWD) command, such as (1) \"@/....\\\", (2) \"@@@/..c:\\\", or (3) \"@/..@/..\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "enceladus-cd-directory-traversal(11019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11019"
},
{
"name": "enceladus-cd-dos(11020)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11020"
},
{
"name": "20021219 Multiple vulnerability in Enceladus Server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0193.html"
}
]
}
}

178
2005/0xxx/CVE-2005-0209.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050315 [USN-95-1] Linux kernel vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111091402626556&w=2"
},
{
"name" : "CLA-2005:945",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945"
},
{
"name" : "RHSA-2005:366",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-366.html"
},
{
"name" : "RHSA-2005:420",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-420.html"
},
{
"name" : "SUSE-SA:2005:018",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_18_kernel.html"
},
{
"name" : "12598",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12598"
},
{
"name" : "oval:org.mitre.oval:def:11855",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11855"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050315 [USN-95-1] Linux kernel vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111091402626556&w=2"
},
{
"name": "RHSA-2005:366",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-366.html"
},
{
"name": "SUSE-SA:2005:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_18_kernel.html"
},
{
"name": "oval:org.mitre.oval:def:11855",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11855"
},
{
"name": "12598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12598"
},
{
"name": "RHSA-2005:420",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-420.html"
},
{
"name": "CLA-2005:945",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945"
}
]
}
}

168
2005/1xxx/CVE-2005-1101.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050412 Remote Buffer Overflow in Lotus Domino",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111335285121320&w=2"
},
{
"name" : "http://www.ngssoftware.com/advisories/lotus-01.txt",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/advisories/lotus-01.txt"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202431",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202431"
},
{
"name" : "15364",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15364"
},
{
"name" : "14879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14879/"
},
{
"name" : "lotus-timedate-bo(20042)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20042"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/lotus-01.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/lotus-01.txt"
},
{
"name": "15364",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15364"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202431",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202431"
},
{
"name": "14879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14879/"
},
{
"name": "lotus-timedate-bo(20042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20042"
},
{
"name": "20050412 Remote Buffer Overflow in Lotus Domino",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111335285121320&w=2"
}
]
}
}

138
2005/1xxx/CVE-2005-1388.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1388",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.columbia.edu/acis/dev/projects/survivor/doc/todo.html#changelog",
"refsource" : "CONFIRM",
"url" : "http://www.columbia.edu/acis/dev/projects/survivor/doc/todo.html#changelog"
},
{
"name" : "15905",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15905"
},
{
"name" : "13415",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13415"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13415"
},
{
"name": "15905",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15905"
},
{
"name": "http://www.columbia.edu/acis/dev/projects/survivor/doc/todo.html#changelog",
"refsource": "CONFIRM",
"url": "http://www.columbia.edu/acis/dev/projects/survivor/doc/todo.html#changelog"
}
]
}
}

138
2005/1xxx/CVE-2005-1555.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html"
},
{
"name" : "20050510 New Macromedia Security Zone Bulletin Posted",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111575500403231&w=2"
},
{
"name" : "coldfusion-mx7-default-page-xss(20550)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20550"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050510 New Macromedia Security Zone Bulletin Posted",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111575500403231&w=2"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-03.html"
},
{
"name": "coldfusion-mx7-default-page-xss(20550)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20550"
}
]
}
}

148
2005/1xxx/CVE-2005-1586.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html"
},
{
"name" : "16328",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16328"
},
{
"name" : "16329",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16329"
},
{
"name" : "15200",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15200"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html"
},
{
"name": "15200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15200"
},
{
"name": "16328",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16328"
},
{
"name": "16329",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16329"
}
]
}
}

228
2005/1xxx/CVE-2005-1782.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2005/05/bookreview-10-multiple-variable-xss.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2005/05/bookreview-10-multiple-variable-xss.html"
},
{
"name" : "13783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13783"
},
{
"name" : "16871",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16871"
},
{
"name" : "16872",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16872"
},
{
"name" : "16873",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16873"
},
{
"name" : "16874",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16874"
},
{
"name" : "16875",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16875"
},
{
"name" : "16876",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16876"
},
{
"name" : "16877",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16877"
},
{
"name" : "16878",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16878"
},
{
"name" : "16879",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16879"
},
{
"name" : "1014058",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014058"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta 1.0 allow remote attackers to inject arbitrary web script or HTML via the node parameter to (1) add_review.htm, (2) suggest_review.htm, (3) suggest_category.htm, (4) add_booklist.htm, or (5) add_url.htm, the isbn parameter to (6) add_review.htm, (7) add_contents.htm, (8) add_classification.htm, the (9) chapters parameter to the add_contents page in index.php (aka add_contents.htm), (10) the user parameter to contact.htm, or (11) the submit[string] parameter to search.htm. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13783"
},
{
"name": "1014058",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014058"
},
{
"name": "16873",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16873"
},
{
"name": "http://lostmon.blogspot.com/2005/05/bookreview-10-multiple-variable-xss.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/05/bookreview-10-multiple-variable-xss.html"
},
{
"name": "16876",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16876"
},
{
"name": "16874",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16874"
},
{
"name": "16878",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16878"
},
{
"name": "16879",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16879"
},
{
"name": "16871",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16871"
},
{
"name": "16872",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16872"
},
{
"name": "16875",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16875"
},
{
"name": "16877",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16877"
}
]
}
}

32
2005/1xxx/CVE-2005-1927.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1927",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1927",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2009/0xxx/CVE-2009-0441.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7965",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7965"
},
{
"name" : "33592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33592"
},
{
"name" : "51740",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51740"
},
{
"name" : "33732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33732"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33592"
},
{
"name": "33732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33732"
},
{
"name": "7965",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7965"
},
{
"name": "51740",
"refsource": "OSVDB",
"url": "http://osvdb.org/51740"
}
]
}
}

32
2009/0xxx/CVE-2009-0567.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0567",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-0567",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}

208
2009/1xxx/CVE-2009-1213.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bugzilla.org/security/3.2.2/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/3.2.2/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=476603",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=476603"
},
{
"name" : "FEDORA-2009-3405",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00188.html"
},
{
"name" : "FEDORA-2009-3410",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html"
},
{
"name" : "34308",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34308"
},
{
"name" : "34545",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34545"
},
{
"name" : "34547",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34547"
},
{
"name" : "34624",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34624"
},
{
"name" : "ADV-2009-0887",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0887"
},
{
"name" : "bugzilla-attachment-csrf(49524)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49524"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-3405",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00188.html"
},
{
"name": "ADV-2009-0887",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0887"
},
{
"name": "bugzilla-attachment-csrf(49524)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49524"
},
{
"name": "http://www.bugzilla.org/security/3.2.2/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.2/"
},
{
"name": "34545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34545"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=476603",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=476603"
},
{
"name": "34308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34308"
},
{
"name": "34547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34547"
},
{
"name": "FEDORA-2009-3410",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html"
},
{
"name": "34624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34624"
}
]
}
}

148
2009/1xxx/CVE-2009-1556.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/",
"refsource" : "MISC",
"url" : "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/"
},
{
"name" : "34629",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34629"
},
{
"name" : "34767",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34767"
},
{
"name" : "ADV-2009-1173",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1173"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain the admin password, a different vulnerability than CVE-2004-2507."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-2/"
},
{
"name": "ADV-2009-1173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1173"
},
{
"name": "34767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34767"
},
{
"name": "34629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34629"
}
]
}
}

338
2009/1xxx/CVE-2009-1581.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog"
},
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667"
},
{
"name" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667",
"refsource" : "CONFIRM",
"url" : "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667"
},
{
"name" : "http://www.squirrelmail.org/security/issue/2009-05-12",
"refsource" : "CONFIRM",
"url" : "http://www.squirrelmail.org/security/issue/2009-05-12"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=500356",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=500356"
},
{
"name" : "http://support.apple.com/kb/HT4188",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4188"
},
{
"name" : "APPLE-SA-2010-06-15-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name" : "DSA-1802",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1802"
},
{
"name" : "FEDORA-2009-4870",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html"
},
{
"name" : "FEDORA-2009-4880",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html"
},
{
"name" : "FEDORA-2009-4875",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html"
},
{
"name" : "MDVSA-2009:110",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110"
},
{
"name" : "RHSA-2009:1066",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1066.html"
},
{
"name" : "34916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34916"
},
{
"name" : "oval:org.mitre.oval:def:10441",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441"
},
{
"name" : "35052",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35052"
},
{
"name" : "35073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35073"
},
{
"name" : "35140",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35140"
},
{
"name" : "35259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35259"
},
{
"name" : "40220",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40220"
},
{
"name" : "ADV-2009-1296",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1296"
},
{
"name" : "ADV-2010-1481",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name" : "squirrelmail-css-xss(50463)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "functions/mime.php in SquirrelMail before 1.4.18 does not protect the application's content from Cascading Style Sheets (CSS) positioning in HTML e-mail messages, which allows remote attackers to spoof the user interface, and conduct cross-site scripting (XSS) and phishing attacks, via a crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-06-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=500356",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=500356"
},
{
"name": "MDVSA-2009:110",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:110"
},
{
"name": "34916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34916"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog"
},
{
"name": "ADV-2010-1481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1481"
},
{
"name": "oval:org.mitre.oval:def:10441",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10441"
},
{
"name": "FEDORA-2009-4870",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00566.html"
},
{
"name": "35140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35140"
},
{
"name": "FEDORA-2009-4880",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00577.html"
},
{
"name": "http://www.squirrelmail.org/security/issue/2009-05-12",
"refsource": "CONFIRM",
"url": "http://www.squirrelmail.org/security/issue/2009-05-12"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/mime.php?r1=13667&r2=13666&pathrev=13667"
},
{
"name": "http://support.apple.com/kb/HT4188",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4188"
},
{
"name": "squirrelmail-css-xss(50463)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50463"
},
{
"name": "40220",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40220"
},
{
"name": "ADV-2009-1296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1296"
},
{
"name": "35259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35259"
},
{
"name": "35052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35052"
},
{
"name": "FEDORA-2009-4875",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00572.html"
},
{
"name": "RHSA-2009:1066",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1066.html"
},
{
"name": "35073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35073"
},
{
"name": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667",
"refsource": "CONFIRM",
"url": "http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667"
},
{
"name": "DSA-1802",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1802"
}
]
}
}

138
2009/1xxx/CVE-2009-1804.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8635",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8635"
},
{
"name" : "34868",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34868"
},
{
"name" : "videoscript-index-sql-injection(50373)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50373"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34868"
},
{
"name": "8635",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8635"
},
{
"name": "videoscript-index-sql-injection(50373)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50373"
}
]
}
}

138
2009/1xxx/CVE-2009-1821.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8705",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8705"
},
{
"name" : "ADV-2009-1347",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1347"
},
{
"name" : "registrationmgr-webblogmgr-info-disclosure(50915)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50915"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1347",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1347"
},
{
"name": "8705",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8705"
},
{
"name": "registrationmgr-webblogmgr-info-disclosure(50915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50915"
}
]
}
}

168
2009/1xxx/CVE-2009-1879.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090819 Adobe Flex 3.3 SDK DOM-Based XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/505948/100/0/threaded"
},
{
"name" : "http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss/",
"refsource" : "MISC",
"url" : "http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
},
{
"name" : "1022748",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022748"
},
{
"name" : "36374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36374"
},
{
"name" : "flex-indextemplate-xss(52608)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52608"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022748",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022748"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
},
{
"name": "http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss/",
"refsource": "MISC",
"url": "http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss/"
},
{
"name": "20090819 Adobe Flex 3.3 SDK DOM-Based XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505948/100/0/threaded"
},
{
"name": "36374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36374"
},
{
"name": "flex-indextemplate-xss(52608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52608"
}
]
}
}

168
2012/2xxx/CVE-2012-2109.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120331 SQL injection in Wordpress plugin Buddypress",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2012/Apr/4"
},
{
"name" : "18690",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18690"
},
{
"name" : "[oss-security] 20120415 CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/15/2"
},
{
"name" : "[oss-security] 20120416 Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/16/10"
},
{
"name" : "http://buddypress.org/2012/03/buddypress-1-5-5/",
"refsource" : "CONFIRM",
"url" : "http://buddypress.org/2012/03/buddypress-1-5-5/"
},
{
"name" : "80763",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80763"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://buddypress.org/2012/03/buddypress-1-5-5/",
"refsource": "CONFIRM",
"url": "http://buddypress.org/2012/03/buddypress-1-5-5/"
},
{
"name": "18690",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18690"
},
{
"name": "80763",
"refsource": "OSVDB",
"url": "http://osvdb.org/80763"
},
{
"name": "[oss-security] 20120416 Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/16/10"
},
{
"name": "[oss-security] 20120415 CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/15/2"
},
{
"name": "20120331 SQL injection in Wordpress plugin Buddypress",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2012/Apr/4"
}
]
}
}

138
2012/2xxx/CVE-2012-2405.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2405",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2",
"refsource" : "CONFIRM",
"url" : "http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=812045",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=812045"
},
{
"name" : "gallery-encryption-unspecified(75201)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75201"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2"
},
{
"name": "gallery-encryption-unspecified(75201)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75201"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=812045",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=812045"
}
]
}
}

158
2012/2xxx/CVE-2012-2411.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2411",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://service.real.com/realplayer/security/05152012_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/05152012_player/en/"
},
{
"name" : "81944",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81944"
},
{
"name" : "1027076",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027076"
},
{
"name" : "49193",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49193"
},
{
"name" : "realplayer-realjukebox-bo(75648)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75648"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49193"
},
{
"name": "1027076",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027076"
},
{
"name": "http://service.real.com/realplayer/security/05152012_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/05152012_player/en/"
},
{
"name": "realplayer-realjukebox-bo(75648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75648"
},
{
"name": "81944",
"refsource": "OSVDB",
"url": "http://osvdb.org/81944"
}
]
}
}

188
2012/3xxx/CVE-2012-3000.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-3000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130122 SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0094.html"
},
{
"name" : "http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html"
},
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt"
},
{
"name" : "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html",
"refsource" : "CONFIRM",
"url" : "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html"
},
{
"name" : "57500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57500"
},
{
"name" : "89446",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/89446"
},
{
"name" : "51867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51867"
},
{
"name" : "f5bigip-sql-injection(81457)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81457"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51867"
},
{
"name": "89446",
"refsource": "OSVDB",
"url": "http://osvdb.org/89446"
},
{
"name": "57500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57500"
},
{
"name": "http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/119739/F5-BIG-IP-11.2.0-SQL-Injection.html"
},
{
"name": "f5bigip-sql-injection(81457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81457"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt"
},
{
"name": "20130122 SEC Consult SA-20130122-1 :: F5 BIG-IP SQL injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0094.html"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html"
}
]
}
}

138
2012/3xxx/CVE-2012-3028.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://en.securitylab.ru/lab/PT-2012-42",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
},
{
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2012-42",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2012-42"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
]
}
}

32
2012/3xxx/CVE-2012-3303.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3303",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3303",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2012/3xxx/CVE-2012-3808.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3808",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3808",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2012/3xxx/CVE-2012-3820.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html",
"refsource" : "MISC",
"url" : "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html"
},
{
"name" : "86491",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86491"
},
{
"name" : "86492",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86492"
},
{
"name" : "50969",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50969"
},
{
"name" : "campaign-activate-useredit-sql-injection(79507)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79507"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50969"
},
{
"name": "86492",
"refsource": "OSVDB",
"url": "http://osvdb.org/86492"
},
{
"name": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html",
"refsource": "MISC",
"url": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html"
},
{
"name": "campaign-activate-useredit-sql-injection(79507)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79507"
},
{
"name": "86491",
"refsource": "OSVDB",
"url": "http://osvdb.org/86491"
}
]
}
}

118
2012/3xxx/CVE-2012-3829.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html"
}
]
}
}

138
2012/4xxx/CVE-2012-4395.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name" : "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name" : "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475",
"refsource" : "CONFIRM",
"url" : "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/11/1"
},
{
"name": "[oss-security] 20120901 Re: CVE - ownCloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/2"
},
{
"name": "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475"
}
]
}
}

138
2012/4xxx/CVE-2012-4597.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4597",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10026",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10026"
},
{
"name" : "1027444",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027444"
},
{
"name" : "mcafee-ews-xss(77979)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77979"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027444",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027444"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10026",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10026"
},
{
"name": "mcafee-ews-xss(77979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77979"
}
]
}
}

148
2012/4xxx/CVE-2012-4600.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://znuny.com/en/#!/advisory/ZSA-2012-02",
"refsource" : "MISC",
"url" : "http://znuny.com/en/#!/advisory/ZSA-2012-02"
},
{
"name" : "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/",
"refsource" : "CONFIRM",
"url" : "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/"
},
{
"name" : "VU#511404",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/511404"
},
{
"name" : "50615",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50615"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://znuny.com/en/#!/advisory/ZSA-2012-02",
"refsource": "MISC",
"url": "http://znuny.com/en/#!/advisory/ZSA-2012-02"
},
{
"name": "50615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50615"
},
{
"name": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/",
"refsource": "CONFIRM",
"url": "http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/"
},
{
"name": "VU#511404",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/511404"
}
]
}
}

32
2012/4xxx/CVE-2012-4653.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4653",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4653",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

238
2012/6xxx/CVE-2012-6081.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "25304",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/25304"
},
{
"name" : "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name" : "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name" : "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f",
"refsource" : "CONFIRM",
"url" : "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name" : "http://moinmo.in/MoinMoinRelease1.9",
"refsource" : "CONFIRM",
"url" : "http://moinmo.in/MoinMoinRelease1.9"
},
{
"name" : "http://moinmo.in/SecurityFixes",
"refsource" : "CONFIRM",
"url" : "http://moinmo.in/SecurityFixes"
},
{
"name" : "DSA-2593",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2593"
},
{
"name" : "USN-1680-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1680-1"
},
{
"name" : "57082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57082"
},
{
"name" : "51663",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51663"
},
{
"name" : "51676",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51676"
},
{
"name" : "51696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51696"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moinmo.in/MoinMoinRelease1.9",
"refsource": "CONFIRM",
"url": "http://moinmo.in/MoinMoinRelease1.9"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51663"
},
{
"name": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f"
},
{
"name": "DSA-2593",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "57082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57082"
},
{
"name": "[oss-security] 20121229 CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/29/6"
},
{
"name": "51676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51676"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (remote code execution vulnerability)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/4"
},
{
"name": "51696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51696"
},
{
"name": "25304",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/25304"
},
{
"name": "USN-1680-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1680-1"
}
]
}
}

138
2012/6xxx/CVE-2012-6104.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130121 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/01/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=220165",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=220165"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620"
},
{
"name": "[oss-security] 20130121 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/21/1"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=220165",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=220165"
}
]
}
}

178
2012/6xxx/CVE-2012-6636.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"name" : "http://50.56.33.56/blog/?p=314",
"refsource" : "MISC",
"url" : "http://50.56.33.56/blog/?p=314"
},
{
"name" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"name" : "http://www.internetsociety.org/ndss2014/programme#session3",
"refsource" : "MISC",
"url" : "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name" : "http://developer.android.com/reference/android/os/Build.VERSION_CODES.html#JELLY_BEAN_MR1",
"refsource" : "CONFIRM",
"url" : "http://developer.android.com/reference/android/os/Build.VERSION_CODES.html#JELLY_BEAN_MR1"
},
{
"name" : "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29",
"refsource" : "CONFIRM",
"url" : "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29"
},
{
"name" : "https://support.lenovo.com/us/en/product_security/len_6421",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/product_security/len_6421"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ndss14nofrak.pdf"
},
{
"name": "http://www.internetsociety.org/ndss2014/programme#session3",
"refsource": "MISC",
"url": "http://www.internetsociety.org/ndss2014/programme#session3"
},
{
"name": "[oss-security] 20140207 Re: CVE request: multiple issues in Apache Cordova/PhoneGap",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/07/9"
},
{
"name": "https://support.lenovo.com/us/en/product_security/len_6421",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/len_6421"
},
{
"name": "http://50.56.33.56/blog/?p=314",
"refsource": "MISC",
"url": "http://50.56.33.56/blog/?p=314"
},
{
"name": "http://developer.android.com/reference/android/os/Build.VERSION_CODES.html#JELLY_BEAN_MR1",
"refsource": "CONFIRM",
"url": "http://developer.android.com/reference/android/os/Build.VERSION_CODES.html#JELLY_BEAN_MR1"
},
{
"name": "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29",
"refsource": "CONFIRM",
"url": "http://developer.android.com/reference/android/webkit/WebView.html#addJavascriptInterface%28java.lang.Object,%20java.lang.String%29"
}
]
}
}

168
2015/5xxx/CVE-2015-5879.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "76764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76764"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

148
2017/2xxx/CVE-2017-2138.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "CS-Cart Japanese Edition",
"version" : {
"version_data" : [
{
"version_value" : "v4.3.10 and earlier (excluding v2 and v3)"
}
]
}
},
{
"product_name" : "CS-Cart Multivendor Japanese Edition",
"version" : {
"version_data" : [
{
"version_value" : "v4.3.10 and earlier (excluding v2 and v3)"
}
]
}
}
]
},
"vendor_name" : "Frogman Office Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CS-Cart Japanese Edition",
"version": {
"version_data": [
{
"version_value": "v4.3.10 and earlier (excluding v2 and v3)"
}
]
}
},
{
"product_name": "CS-Cart Multivendor Japanese Edition",
"version": {
"version_data": [
{
"version_value": "v4.3.10 and earlier (excluding v2 and v3)"
}
]
}
}
]
},
"vendor_name": "Frogman Office Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tips.cs-cart.jp/fix-csrf-20170406.html",
"refsource" : "MISC",
"url" : "http://tips.cs-cart.jp/fix-csrf-20170406.html"
},
{
"name" : "JVN#87770873",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN87770873/index.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#87770873",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN87770873/index.html"
},
{
"name": "http://tips.cs-cart.jp/fix-csrf-20170406.html",
"refsource": "MISC",
"url": "http://tips.cs-cart.jp/fix-csrf-20170406.html"
}
]
}
}

118
2017/2xxx/CVE-2017-2288.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LhaForge",
"version" : {
"version_data" : [
{
"version_value" : "Ver.1.6.5 and earlier"
}
]
}
}
]
},
"vendor_name" : "Claybird"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LhaForge",
"version": {
"version_data": [
{
"version_value": "Ver.1.6.5 and earlier"
}
]
}
}
]
},
"vendor_name": "Claybird"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#74554973",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN74554973/index.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#74554973",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN74554973/index.html"
}
]
}
}

158
2017/2xxx/CVE-2017-2372.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the \"Projects\" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0262/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0262/"
},
{
"name" : "https://support.apple.com/HT207476",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207476"
},
{
"name" : "https://support.apple.com/HT207477",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207477"
},
{
"name" : "95627",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95627"
},
{
"name" : "1037627",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037627"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the \"Projects\" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207476",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207476"
},
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0262/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0262/"
},
{
"name": "95627",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95627"
},
{
"name": "https://support.apple.com/HT207477",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207477"
},
{
"name": "1037627",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037627"
}
]
}
}

174
2017/2xxx/CVE-2017-2598.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2017-2598",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "jenkins",
"version" : {
"version_data" : [
{
"version_value" : "jenkins 2.44"
},
{
"version_value" : "jenkins 2.32.2"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304)."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-325"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jenkins",
"version": {
"version_data": [
{
"version_value": "jenkins 2.44"
},
{
"version_value": "jenkins 2.32.2"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598"
},
{
"name" : "https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b",
"refsource" : "CONFIRM",
"url" : "https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b"
},
{
"name" : "https://jenkins.io/security/advisory/2017-02-01/",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2017-02-01/"
},
{
"name" : "95948",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95948"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks (SECURITY-304)."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-325"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2017-02-01/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-02-01/"
},
{
"name": "https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b",
"refsource": "CONFIRM",
"url": "https://github.com/jenkinsci/jenkins/commit/e6aa166246d1734f4798a9e31f78842f4c85c28b"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2598"
},
{
"name": "95948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95948"
}
]
}
}

158
2017/2xxx/CVE-2017-2927.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-2927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 24.0.0.186 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 24.0.0.186 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-2927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 24.0.0.186 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 24.0.0.186 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
},
{
"name" : "GLSA-201702-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-20"
},
{
"name" : "RHSA-2017:0057",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
},
{
"name" : "95347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95347"
},
{
"name" : "1037570",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037570"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95347"
},
{
"name": "GLSA-201702-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-20"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
},
{
"name": "RHSA-2017:0057",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
},
{
"name": "1037570",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037570"
}
]
}
}

168
2017/6xxx/CVE-2017-6818.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://codex.wordpress.org/Version_4.7.3",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.7.3"
},
{
"name" : "https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9",
"refsource" : "MISC",
"url" : "https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9"
},
{
"name" : "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8769",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8769"
},
{
"name" : "96601",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96601"
},
{
"name" : "1037959",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037959"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037959",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037959"
},
{
"name": "96601",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96601"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8769",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8769"
},
{
"name": "https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9",
"refsource": "MISC",
"url": "https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9"
},
{
"name": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/",
"refsource": "MISC",
"url": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/"
},
{
"name": "https://codex.wordpress.org/Version_4.7.3",
"refsource": "MISC",
"url": "https://codex.wordpress.org/Version_4.7.3"
}
]
}
}

32
2017/6xxx/CVE-2017-6825.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6825",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6825",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2018/11xxx/CVE-2018-11137.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities"
}
]
}
}

118
2018/11xxx/CVE-2018-11364.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ChijinZ/security_advisories/tree/master/ReadStat-7bced5b",
"refsource" : "MISC",
"url" : "https://github.com/ChijinZ/security_advisories/tree/master/ReadStat-7bced5b"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ChijinZ/security_advisories/tree/master/ReadStat-7bced5b",
"refsource": "MISC",
"url": "https://github.com/ChijinZ/security_advisories/tree/master/ReadStat-7bced5b"
}
]
}
}

32
2018/11xxx/CVE-2018-11900.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11900",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11900",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/14xxx/CVE-2018-14011.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14011",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14011",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

168
2018/14xxx/CVE-2018-14368.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14368",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180729 [SECURITY] [DLA 1451-1] wireshark security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-40.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-40.html"
},
{
"name" : "104847",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104847"
},
{
"name" : "1041608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041608"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling items that are too long."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-40.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-40.html"
},
{
"name": "1041608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041608"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841"
},
{
"name": "[debian-lts-announce] 20180729 [SECURITY] [DLA 1451-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html"
},
{
"name": "104847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104847"
}
]
}
}

128
2018/14xxx/CVE-2018-14443.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hac425.unaux.com/index.php/archives/53/",
"refsource" : "MISC",
"url" : "http://hac425.unaux.com/index.php/archives/53/"
},
{
"name" : "https://github.com/ArchimedesCAD/libredwg/issues/6",
"refsource" : "MISC",
"url" : "https://github.com/ArchimedesCAD/libredwg/issues/6"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hac425.unaux.com/index.php/archives/53/",
"refsource": "MISC",
"url": "http://hac425.unaux.com/index.php/archives/53/"
},
{
"name": "https://github.com/ArchimedesCAD/libredwg/issues/6",
"refsource": "MISC",
"url": "https://github.com/ArchimedesCAD/libredwg/issues/6"
}
]
}
}

118
2018/14xxx/CVE-2018-14474.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14474",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa",
"refsource" : "MISC",
"url" : "https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa",
"refsource": "MISC",
"url": "https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa"
}
]
}
}

32
2018/14xxx/CVE-2018-14580.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14580",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14580",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/15xxx/CVE-2018-15017.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15017",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15017",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/15xxx/CVE-2018-15062.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15062",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15062",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/15xxx/CVE-2018-15221.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15221",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15221",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/15xxx/CVE-2018-15301.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15301",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15301",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/15xxx/CVE-2018-15729.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15729",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15729",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/20xxx/CVE-2018-20274.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20274",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20274",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

206
2018/8xxx/CVE-2018-8211.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8211",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8211",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8211"
},
{
"name" : "104326",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104326"
},
{
"name" : "1041098",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041098"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041098"
},
{
"name": "104326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104326"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8211",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8211"
}
]
}
}

32
2018/8xxx/CVE-2018-8713.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8713",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8713",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}