admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:12:01 +00:00
parent 5f283f636f
commit b6c1acc416
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3845 additions and 3845 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
2003/0xxx/CVE-2003-0946.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a \"MAIL FROM\" command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031112 SRT2003-11-11-1151 - clamav-milter remote exploit / DoS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106867135830683&w=2"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=197038",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=197038"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a \"MAIL FROM\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=197038",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=197038"
},
{
"name": "20031112 SRT2003-11-11-1151 - clamav-milter remote exploit / DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106867135830683&w=2"
}
]
}
}

138
2003/1xxx/CVE-2003-1241.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030221 Myguestbook (PHP)",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0089.html"
},
{
"name" : "20030221 Myguestbook (PHP)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/312762"
},
{
"name" : "6906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6906"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030221 Myguestbook (PHP)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/312762"
},
{
"name": "6906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6906"
},
{
"name": "20030221 Myguestbook (PHP)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0089.html"
}
]
}
}

138
2003/1xxx/CVE-2003-1363.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030212 Abyss WebServer Brute Force Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0149.html"
},
{
"name" : "6842",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6842"
},
{
"name" : "abyss-web-admin-bruteforce(11310)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/11310.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "abyss-web-admin-bruteforce(11310)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11310.php"
},
{
"name": "20030212 Abyss WebServer Brute Force Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0149.html"
},
{
"name": "6842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6842"
}
]
}
}

148
2003/1xxx/CVE-2003-1464.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1464",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030506 Siemens Mobile Phone - Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/320555"
},
{
"name" : "7507",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7507"
},
{
"name" : "3287",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3287"
},
{
"name" : "siemens-sms-image-bo(11950)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11950"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "siemens-sms-image-bo(11950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11950"
},
{
"name": "20030506 Siemens Mobile Phone - Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/320555"
},
{
"name": "3287",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3287"
},
{
"name": "7507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7507"
}
]
}
}

148
2004/0xxx/CVE-2004-0087.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0087",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2004-01-26",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html"
},
{
"name" : "9504",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9504"
},
{
"name" : "6819",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6819"
},
{
"name" : "macosx-configd-file-manipulation(14997)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14997"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2004-01-26",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html"
},
{
"name": "macosx-configd-file-manipulation(14997)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14997"
},
{
"name": "9504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9504"
},
{
"name": "6819",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6819"
}
]
}
}

168
2004/0xxx/CVE-2004-0465.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via \"..//\" sequences in the WCP_USER parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050220 The WebConnect 6.4.4 and 6.5 contains several vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110910838600145&w=2"
},
{
"name" : "http://www.cirt.dk/advisories/cirt-29-advisory.pdf",
"refsource" : "MISC",
"url" : "http://www.cirt.dk/advisories/cirt-29-advisory.pdf"
},
{
"name" : "http://www.kb.cert.org/vuls/id/JSHA-69HVPK",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/JSHA-69HVPK"
},
{
"name" : "VU#628411",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/628411"
},
{
"name" : "14006",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14006/"
},
{
"name" : "webconnect-wcpuser-directory-traversal(19394)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19394"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via \"..//\" sequences in the WCP_USER parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#628411",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/628411"
},
{
"name": "http://www.kb.cert.org/vuls/id/JSHA-69HVPK",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JSHA-69HVPK"
},
{
"name": "http://www.cirt.dk/advisories/cirt-29-advisory.pdf",
"refsource": "MISC",
"url": "http://www.cirt.dk/advisories/cirt-29-advisory.pdf"
},
{
"name": "20050220 The WebConnect 6.4.4 and 6.5 contains several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110910838600145&w=2"
},
{
"name": "webconnect-wcpuser-directory-traversal(19394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19394"
},
{
"name": "14006",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14006/"
}
]
}
}

238
2004/0xxx/CVE-2004-0788.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "CLA-2004:875",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875"
},
{
"name" : "DSA-546",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-546"
},
{
"name" : "FLSA:2005",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2005"
},
{
"name" : "FLSA-2005:155510",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/419771/100/0/threaded"
},
{
"name" : "MDKSA-2004:095",
"refsource" : "MANDRAKE",
"url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095"
},
{
"name" : "MDKSA-2005:214",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:214"
},
{
"name" : "RHSA-2004:447",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-447.html"
},
{
"name" : "RHSA-2004:466",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-466.html"
},
{
"name" : "VU#577654",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/577654"
},
{
"name" : "11195",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11195"
},
{
"name" : "oval:org.mitre.oval:def:10506",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10506"
},
{
"name" : "17657",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17657"
},
{
"name" : "gtk-ico-integer-bo(17387)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17387"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FLSA:2005",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2005"
},
{
"name": "DSA-546",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-546"
},
{
"name": "RHSA-2004:466",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-466.html"
},
{
"name": "gtk-ico-integer-bo(17387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17387"
},
{
"name": "MDKSA-2005:214",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:214"
},
{
"name": "FLSA-2005:155510",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/419771/100/0/threaded"
},
{
"name": "MDKSA-2004:095",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:095"
},
{
"name": "oval:org.mitre.oval:def:10506",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10506"
},
{
"name": "11195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11195"
},
{
"name": "RHSA-2004:447",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-447.html"
},
{
"name": "CLA-2004:875",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000875"
},
{
"name": "17657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17657"
},
{
"name": "VU#577654",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/577654"
}
]
}
}

378
2004/1xxx/CVE-2004-1125.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1125",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041221 Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities"
},
{
"name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch"
},
{
"name" : "http://www.kde.org/info/security/advisory-20041223-1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20041223-1.txt"
},
{
"name" : "20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?t=110378596500001&r=1&w=2"
},
{
"name" : "20041223 [USN-48-1] xpdf, tetex-bin vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html"
},
{
"name" : "CLA-2005:921",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921"
},
{
"name" : "FLSA:2353",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2353"
},
{
"name" : "FLSA:2352",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2352"
},
{
"name" : "GLSA-200412-25",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml"
},
{
"name" : "GLSA-200501-13",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-13.xml"
},
{
"name" : "GLSA-200501-17",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-17.xml"
},
{
"name" : "RHSA-2005:013",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-013.html"
},
{
"name" : "RHSA-2005:018",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-018.html"
},
{
"name" : "RHSA-2005:034",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-034.html"
},
{
"name" : "RHSA-2005:053",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-053.html"
},
{
"name" : "RHSA-2005:057",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-057.html"
},
{
"name" : "RHSA-2005:066",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-066.html"
},
{
"name" : "RHSA-2005:354",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-354.html"
},
{
"name" : "RHSA-2005:026",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-026.html"
},
{
"name" : "SCOSA-2005.42",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt"
},
{
"name" : "SUSE-SR:2005:001",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_01_sr.html"
},
{
"name" : "USN-50-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/50-1/"
},
{
"name" : "12070",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12070"
},
{
"name" : "oval:org.mitre.oval:def:10830",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10830"
},
{
"name" : "1012646",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012646"
},
{
"name" : "17277",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17277"
},
{
"name" : "xpdf-gfx-doimage-bo(18641)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18641"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:013",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-013.html"
},
{
"name": "17277",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17277"
},
{
"name": "RHSA-2005:066",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-066.html"
},
{
"name": "RHSA-2005:034",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-034.html"
},
{
"name": "RHSA-2005:018",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-018.html"
},
{
"name": "FLSA:2352",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2352"
},
{
"name": "FLSA:2353",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2353"
},
{
"name": "1012646",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012646"
},
{
"name": "12070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12070"
},
{
"name": "http://www.kde.org/info/security/advisory-20041223-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20041223-1.txt"
},
{
"name": "xpdf-gfx-doimage-bo(18641)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18641"
},
{
"name": "GLSA-200501-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-17.xml"
},
{
"name": "RHSA-2005:026",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-026.html"
},
{
"name": "RHSA-2005:053",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-053.html"
},
{
"name": "USN-50-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/50-1/"
},
{
"name": "GLSA-200501-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-13.xml"
},
{
"name": "20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?t=110378596500001&r=1&w=2"
},
{
"name": "GLSA-200412-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml"
},
{
"name": "20041223 [USN-48-1] xpdf, tetex-bin vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html"
},
{
"name": "SUSE-SR:2005:001",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html"
},
{
"name": "RHSA-2005:354",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-354.html"
},
{
"name": "20041221 Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities"
},
{
"name": "oval:org.mitre.oval:def:10830",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10830"
},
{
"name": "SCOSA-2005.42",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt"
},
{
"name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch"
},
{
"name": "CLA-2005:921",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921"
},
{
"name": "RHSA-2005:057",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-057.html"
}
]
}
}

148
2004/1xxx/CVE-2004-1210.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041201 [KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in proxylog.dat",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110197682705001&w=2"
},
{
"name" : "http://www.kurczaba.com/html/security/0411291.htm",
"refsource" : "MISC",
"url" : "http://www.kurczaba.com/html/security/0411291.htm"
},
{
"name" : "11779",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11779"
},
{
"name" : "ipcop-proxylogdat-xss(18301)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18301"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kurczaba.com/html/security/0411291.htm",
"refsource": "MISC",
"url": "http://www.kurczaba.com/html/security/0411291.htm"
},
{
"name": "ipcop-proxylogdat-xss(18301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18301"
},
{
"name": "11779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11779"
},
{
"name": "20041201 [KA Advisory 0411291] IPCop Cross Site Scripting Vulnerability in proxylog.dat",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110197682705001&w=2"
}
]
}
}

148
2004/2xxx/CVE-2004-2082.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading \"/\" (slash) characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040213 Sami FTP Server 1.1.3 multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/353753"
},
{
"name" : "http://www.karja.com/samiftp/news.html",
"refsource" : "MISC",
"url" : "http://www.karja.com/samiftp/news.html"
},
{
"name" : "9657",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9657"
},
{
"name" : "sami-cd-get-dos(15204)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15204"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading \"/\" (slash) characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040213 Sami FTP Server 1.1.3 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/353753"
},
{
"name": "9657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9657"
},
{
"name": "sami-cd-get-dos(15204)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15204"
},
{
"name": "http://www.karja.com/samiftp/news.html",
"refsource": "MISC",
"url": "http://www.karja.com/samiftp/news.html"
}
]
}
}

158
2004/2xxx/CVE-2004-2402.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040916 RE: www.proboards.com / YaBB XSS Vuln",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"
},
{
"name" : "11215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11215"
},
{
"name" : "10242",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/10242"
},
{
"name" : "12593",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12593"
},
{
"name" : "yabb-board-xss(17452)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17452"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12593"
},
{
"name": "10242",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10242"
},
{
"name": "20040916 RE: www.proboards.com / YaBB XSS Vuln",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html"
},
{
"name": "yabb-board-xss(17452)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17452"
},
{
"name": "11215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11215"
}
]
}
}

148
2004/2xxx/CVE-2004-2412.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vpasp.com/virtprog/info/faq_securityfixes.htm",
"refsource" : "CONFIRM",
"url" : "http://www.vpasp.com/virtprog/info/faq_securityfixes.htm"
},
{
"name" : "9967",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9967"
},
{
"name" : "11201",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11201"
},
{
"name" : "vpasp-catalogid-sql-injection(15588)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15588"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11201"
},
{
"name": "9967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9967"
},
{
"name": "vpasp-catalogid-sql-injection(15588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15588"
},
{
"name": "http://www.vpasp.com/virtprog/info/faq_securityfixes.htm",
"refsource": "CONFIRM",
"url": "http://www.vpasp.com/virtprog/info/faq_securityfixes.htm"
}
]
}
}

32
2004/9xxx/CVE-2004-9999.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-9999",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been used as a placeholder by multiple organizations for multiple issues, but it is invalid. Notes: All CVE users should search CVE for the proper identifier. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2004-9999",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been used as a placeholder by multiple organizations for multiple issues, but it is invalid. Notes: All CVE users should search CVE for the proper identifier. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

158
2008/2xxx/CVE-2008-2161.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5563",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5563"
},
{
"name" : "29111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29111"
},
{
"name" : "ADV-2008-1468",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1468/references"
},
{
"name" : "30147",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30147"
},
{
"name" : "tftpserversp-errormessage-bo(42298)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42298"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30147",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30147"
},
{
"name": "tftpserversp-errormessage-bo(42298)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42298"
},
{
"name": "29111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29111"
},
{
"name": "ADV-2008-1468",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1468/references"
},
{
"name": "5563",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5563"
}
]
}
}

138
2008/2xxx/CVE-2008-2230.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484311",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484311"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484474",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484474"
},
{
"name" : "reportbug-searchpath-code-execution(43001)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43001"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "reportbug-searchpath-code-execution(43001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43001"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484311",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484311"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484474",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484474"
}
]
}
}

138
2008/2xxx/CVE-2008-2347.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to \"admin\" in a direct request to admin/addUser.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5650",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5650"
},
{
"name" : "29272",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29272"
},
{
"name" : "mypicgallery-adduser-security-bypass(42507)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42507"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to \"admin\" in a direct request to admin/addUser.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mypicgallery-adduser-security-bypass(42507)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42507"
},
{
"name": "5650",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5650"
},
{
"name": "29272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29272"
}
]
}
}

158
2008/2xxx/CVE-2008-2369.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2008:0630",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
},
{
"name" : "30679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30679"
},
{
"name" : "1020694",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020694"
},
{
"name" : "31493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31493"
},
{
"name" : "rhnss-manzier-information-disclosure(44452)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020694",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020694"
},
{
"name": "RHSA-2008:0630",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
},
{
"name": "31493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31493"
},
{
"name": "rhnss-manzier-information-disclosure(44452)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44452"
},
{
"name": "30679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30679"
}
]
}
}

138
2008/2xxx/CVE-2008-2495.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to have an unknown impact via a .. (dot dot) in the p parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080525 Zina 1.0rc3 Remote Directory Traversal Vulnerability & XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492593/100/0/threaded"
},
{
"name" : "29367",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29367"
},
{
"name" : "zina-index-file-include(42641)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42641"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows remote attackers to have an unknown impact via a .. (dot dot) in the p parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zina-index-file-include(42641)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42641"
},
{
"name": "20080525 Zina 1.0rc3 Remote Directory Traversal Vulnerability & XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492593/100/0/threaded"
},
{
"name": "29367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29367"
}
]
}
}

148
2008/6xxx/CVE-2008-6080.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6809",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6809"
},
{
"name" : "31877",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31877"
},
{
"name" : "32377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32377"
},
{
"name" : "ionfiles-download-directory-traversal(46039)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46039"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32377"
},
{
"name": "31877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31877"
},
{
"name": "6809",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6809"
},
{
"name": "ionfiles-download-directory-traversal(46039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46039"
}
]
}
}

148
2008/6xxx/CVE-2008-6462.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
},
{
"name" : "31257",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31257"
},
{
"name" : "48278",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/48278"
},
{
"name" : "myquizpoll-unspecified-sql-injection(45262)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45262"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31257"
},
{
"name": "48278",
"refsource": "OSVDB",
"url": "http://osvdb.org/48278"
},
{
"name": "myquizpoll-unspecified-sql-injection(45262)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45262"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080919-1/"
}
]
}
}

158
2008/6xxx/CVE-2008-6575.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.voipshield.com/research-details.php?id=23",
"refsource" : "MISC",
"url" : "http://www.voipshield.com/research-details.php?id=23"
},
{
"name" : "44287",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/44287"
},
{
"name" : "29744",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29744"
},
{
"name" : "avaya-ses-unspecified-unauthorized-access(41734)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name" : "avaya-ses-unspecified-dos(49849)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "avaya-ses-unspecified-dos(49849)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49849"
},
{
"name": "avaya-ses-unspecified-unauthorized-access(41734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41734"
},
{
"name": "44287",
"refsource": "OSVDB",
"url": "http://osvdb.org/44287"
},
{
"name": "http://www.voipshield.com/research-details.php?id=23",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=23"
},
{
"name": "29744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29744"
}
]
}
}

178
2012/1xxx/CVE-2012-1602.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120327 [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0135.html"
},
{
"name" : "[oss-security] 20120329 CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/29/8"
},
{
"name" : "[oss-security] 20120329 Re: CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/30/2"
},
{
"name" : "http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html"
},
{
"name" : "http://www.waraxe.us/advisory-80.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-80.html"
},
{
"name" : "52728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52728"
},
{
"name" : "80626",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80626"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "user.php in NextBBS 0.6 allows remote attackers to bypass authentication and gain administrator access by setting the userkey cookie to 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120329 Re: CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/30/2"
},
{
"name": "80626",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80626"
},
{
"name": "52728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52728"
},
{
"name": "20120327 [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0135.html"
},
{
"name": "http://www.waraxe.us/advisory-80.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-80.html"
},
{
"name": "http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html"
},
{
"name": "[oss-security] 20120329 CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/8"
}
]
}
}

168
2012/1xxx/CVE-2012-1841.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY"
},
{
"name" : "VU#913483",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/913483"
},
{
"name" : "80226",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80226"
},
{
"name" : "48403",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48403"
},
{
"name" : "48453",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48453"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48453"
},
{
"name": "VU#913483",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/913483"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY"
},
{
"name": "80226",
"refsource": "OSVDB",
"url": "http://osvdb.org/80226"
},
{
"name": "48403",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48403"
}
]
}
}

348
2012/1xxx/CVE-2012-1963.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-53.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-53.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=767778",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=767778"
},
{
"name" : "RHSA-2012:1088",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
},
{
"name" : "openSUSE-SU-2012:0899",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
},
{
"name" : "openSUSE-SU-2012:0917",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html"
},
{
"name" : "SUSE-SU-2012:0895",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
},
{
"name" : "SUSE-SU-2012:0896",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
},
{
"name" : "USN-1509-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1509-1"
},
{
"name" : "USN-1509-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1509-2"
},
{
"name" : "USN-1510-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1510-1"
},
{
"name" : "54582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54582"
},
{
"name" : "84005",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/84005"
},
{
"name" : "oval:org.mitre.oval:def:17056",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17056"
},
{
"name" : "1027256",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027256"
},
{
"name" : "1027257",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027257"
},
{
"name" : "1027258",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027258"
},
{
"name" : "49965",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49965"
},
{
"name" : "49972",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49972"
},
{
"name" : "49992",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49992"
},
{
"name" : "49968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49968"
},
{
"name" : "49977",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49977"
},
{
"name" : "49979",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49979"
},
{
"name" : "49993",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49993"
},
{
"name" : "49994",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49994"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49977"
},
{
"name": "49992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49992"
},
{
"name": "1027256",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027256"
},
{
"name": "RHSA-2012:1088",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
},
{
"name": "USN-1509-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1509-2"
},
{
"name": "1027258",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027258"
},
{
"name": "49979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49979"
},
{
"name": "SUSE-SU-2012:0895",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
},
{
"name": "USN-1510-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1510-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=767778",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=767778"
},
{
"name": "49965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49965"
},
{
"name": "1027257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027257"
},
{
"name": "openSUSE-SU-2012:0917",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html"
},
{
"name": "oval:org.mitre.oval:def:17056",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17056"
},
{
"name": "84005",
"refsource": "OSVDB",
"url": "http://osvdb.org/84005"
},
{
"name": "SUSE-SU-2012:0896",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
},
{
"name": "49994",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49994"
},
{
"name": "openSUSE-SU-2012:0899",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
},
{
"name": "49968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49968"
},
{
"name": "USN-1509-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1509-1"
},
{
"name": "54582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54582"
},
{
"name": "49993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49993"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-53.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-53.html"
},
{
"name": "49972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49972"
}
]
}
}

32
2012/5xxx/CVE-2012-5008.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5008",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5008",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

188
2012/5xxx/CVE-2012-5603.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the \"consumer UUID\" of a system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=882129",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=882129"
},
{
"name" : "RHSA-2012:1543",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1543.html"
},
{
"name" : "RHSA-2013:0544",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
},
{
"name" : "56819",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56819"
},
{
"name" : "88140",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88140"
},
{
"name" : "88142",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88142"
},
{
"name" : "51472",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51472"
},
{
"name" : "cloudforms-katello-sec-bypass(80549)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80549"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the \"consumer UUID\" of a system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cloudforms-katello-sec-bypass(80549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80549"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=882129",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882129"
},
{
"name": "88140",
"refsource": "OSVDB",
"url": "http://osvdb.org/88140"
},
{
"name": "51472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51472"
},
{
"name": "88142",
"refsource": "OSVDB",
"url": "http://osvdb.org/88142"
},
{
"name": "RHSA-2012:1543",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html"
},
{
"name": "56819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56819"
},
{
"name": "RHSA-2013:0544",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
}
]
}
}

32
2012/5xxx/CVE-2012-5724.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5724",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5724",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2012/5xxx/CVE-2012-5825.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource" : "MISC",
"url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
},
{
"name" : "tweepy-ssl-spoofing(79831)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79831"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tweepy-ssl-spoofing(79831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79831"
},
{
"name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf",
"refsource": "MISC",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
]
}
}

32
2017/11xxx/CVE-2017-11370.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11370",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11370",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/11xxx/CVE-2017-11484.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11484",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-11484",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

32
2017/11xxx/CVE-2017-11618.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11618",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11618",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/11xxx/CVE-2017-11821.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00",
"ID" : "CVE-2017-11821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ChakraCore, Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore, Microsoft Windows 10 1703."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ChakraCore, Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "ChakraCore, Microsoft Windows 10 1703."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11821",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11821"
},
{
"name" : "101123",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101123"
},
{
"name" : "1039529",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039529"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039529",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039529"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11821",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11821"
},
{
"name": "101123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101123"
}
]
}
}

128
2017/15xxx/CVE-2017-15665.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43454",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43454/"
},
{
"name" : "http://packetstormsecurity.com/files/145756/DiskBoss-Enterprise-8.5.12-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/145756/DiskBoss-Enterprise-8.5.12-Denial-Of-Service.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43454",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43454/"
},
{
"name": "http://packetstormsecurity.com/files/145756/DiskBoss-Enterprise-8.5.12-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145756/DiskBoss-Enterprise-8.5.12-Denial-Of-Service.html"
}
]
}
}

118
2017/15xxx/CVE-2017-15874.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15874",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.busybox.net/show_bug.cgi?id=10436",
"refsource" : "MISC",
"url" : "https://bugs.busybox.net/show_bug.cgi?id=10436"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.busybox.net/show_bug.cgi?id=10436",
"refsource": "MISC",
"url": "https://bugs.busybox.net/show_bug.cgi?id=10436"
}
]
}
}

138
2017/3xxx/CVE-2017-3015.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
},
{
"name" : "97556",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97556"
},
{
"name" : "1038228",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038228"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038228",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"name": "97556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97556"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
}
]
}
}

138
2017/3xxx/CVE-2017-3055.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
},
{
"name" : "97549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97549"
},
{
"name" : "1038228",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038228"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038228",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"name": "97549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97549"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
}
]
}
}

148
2017/3xxx/CVE-2017-3527.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.54"
},
{
"version_affected" : "=",
"version_value" : "8.55"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.54"
},
{
"version_affected": "=",
"version_value": "8.55"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "97874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97874"
},
{
"name" : "1038301",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038301"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038301",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038301"
},
{
"name": "97874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97874"
}
]
}
}

32
2017/3xxx/CVE-2017-3657.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3657",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-3657",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/3xxx/CVE-2017-3906.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3906",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-3906",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2017/3xxx/CVE-2017-3958.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3958",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3958",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

120
2017/8xxx/CVE-2017-8161.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "EVA-L09",
"version" : {
"version_data" : [
{
"version_value" : "Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "FRP bypass"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "EVA-L09",
"version": {
"version_data": [
{
"version_value": "Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171013-01-frpbypass-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171013-01-frpbypass-en"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D003 versions,Earlier than EVA-L09C440B140 versions,Earlier than EVA-L09C464B361 versions,Earlier than EVA-L09C675B320CUSTC675D004 versions have Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the Swype and can perform some operations to update the Google account. As a result, the FRP function is bypassed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "FRP bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171013-01-frpbypass-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171013-01-frpbypass-en"
}
]
}
}

128
2017/8xxx/CVE-2017-8276.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-8276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authorization in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-8276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name" : "106128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106128"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "106128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106128"
}
]
}
}

150
2017/8xxx/CVE-2017-8653.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-8653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Internet Explorer",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka \"Microsoft Browser Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8669."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-8653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653"
},
{
"name" : "100059",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100059"
},
{
"name" : "1039094",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039094"
},
{
"name" : "1039095",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039095"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly accessing objects in memory, aka \"Microsoft Browser Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8669."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100059",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100059"
},
{
"name": "1039095",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039095"
},
{
"name": "1039094",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039094"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8653"
}
]
}
}

32
2018/10xxx/CVE-2018-10815.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10815",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10815",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/12xxx/CVE-2018-12147.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12147",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12147",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

370
2018/12xxx/CVE-2018-12363.json
View File

@ -1,188 +1,188 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2018-12363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "60"
},
{
"version_affected" : "<",
"version_value" : "52.9"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "60.1"
},
{
"version_affected" : "<",
"version_value" : "52.9"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "61"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free when appending DOM nodes"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "60"
},
{
"version_affected": "<",
"version_value": "52.9"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "60.1"
},
{
"version_affected": "<",
"version_value": "52.9"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "61"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
},
{
"name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1464784",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1464784"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-15/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-16/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-17/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-18/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-18/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-19/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name" : "DSA-4235",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4235"
},
{
"name" : "DSA-4244",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4244"
},
{
"name" : "GLSA-201810-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-01"
},
{
"name" : "GLSA-201811-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-13"
},
{
"name" : "RHSA-2018:2112",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name" : "RHSA-2018:2113",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"name" : "RHSA-2018:2251",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"name" : "RHSA-2018:2252",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2252"
},
{
"name" : "USN-3705-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3705-1/"
},
{
"name" : "USN-3714-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3714-1/"
},
{
"name" : "104560",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104560"
},
{
"name" : "1041193",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041193"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use-after-free when appending DOM nodes"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "RHSA-2018:2112",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2112"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "DSA-4235",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4235"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-18/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-18/"
},
{
"name": "RHSA-2018:2113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "DSA-4244",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4244"
},
{
"name": "104560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104560"
},
{
"name": "1041193",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041193"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name": "RHSA-2018:2252",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2252"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-17/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-17/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1425-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00013.html"
},
{
"name": "RHSA-2018:2251",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2251"
},
{
"name": "USN-3705-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1464784",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1464784"
},
{
"name": "USN-3714-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3714-1/"
},
{
"name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1406-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00014.html"
}
]
}
}

264
2018/12xxx/CVE-2018-12367.json
View File

@ -1,135 +1,135 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2018-12367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "60"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "60.1"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "61"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Timing attack mitigation of PerformanceNavigationTiming"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "60"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "60.1"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "61"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1462891",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1462891"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-15/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-16/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-19/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name" : "DSA-4295",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4295"
},
{
"name" : "GLSA-201810-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-01"
},
{
"name" : "GLSA-201811-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-13"
},
{
"name" : "USN-3705-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3705-1/"
},
{
"name" : "104561",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104561"
},
{
"name" : "1041193",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041193"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the previous mitigations for Spectre, the resolution or precision of various methods was reduced to counteract the ability to measure precise time intervals. In that work PerformanceNavigationTiming was not adjusted but it was found that it could be used as a precision timer. This vulnerability affects Thunderbird < 60, Firefox ESR < 60.1, and Firefox < 61."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Timing attack mitigation of PerformanceNavigationTiming"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-15/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1462891",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1462891"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "DSA-4295",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4295"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-16/"
},
{
"name": "1041193",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041193"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-19/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-19/"
},
{
"name": "USN-3705-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3705-1/"
},
{
"name": "104561",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104561"
}
]
}
}

138
2018/12xxx/CVE-2018-12863.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12863",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader",
"version" : {
"version_data" : [
{
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader",
"version": {
"version_data": [
{
"version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name" : "105441",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105441"
},
{
"name" : "1041809",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041809"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name": "105441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105441"
}
]
}
}

118
2018/13xxx/CVE-2018-13010.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13010",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wstmall/wstmall/issues/4",
"refsource" : "MISC",
"url" : "https://github.com/wstmall/wstmall/issues/4"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wstmall/wstmall/issues/4",
"refsource": "MISC",
"url": "https://github.com/wstmall/wstmall/issues/4"
}
]
}
}

32
2018/13xxx/CVE-2018-13267.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13267",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-13267",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

128
2018/13xxx/CVE-2018-13578.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for GalaxyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GalaxyCoin",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GalaxyCoin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for GalaxyCoin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GalaxyCoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/GalaxyCoin"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

128
2018/13xxx/CVE-2018-13595.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for BitStore, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BitStore",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BitStore"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for BitStore, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BitStore",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BitStore"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

128
2018/13xxx/CVE-2018-13664.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13664",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CWS",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CWS"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for CWS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CWS",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CWS"
}
]
}
}

118
2018/16xxx/CVE-2018-16316.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/portainer/portainer/commit/1ad150c99460a35224d6adfe48ddda9ee056b7d2",
"refsource" : "MISC",
"url" : "https://github.com/portainer/portainer/commit/1ad150c99460a35224d6adfe48ddda9ee056b7d2"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/portainer/portainer/commit/1ad150c99460a35224d6adfe48ddda9ee056b7d2",
"refsource": "MISC",
"url": "https://github.com/portainer/portainer/commit/1ad150c99460a35224d6adfe48ddda9ee056b7d2"
}
]
}
}

32
2018/16xxx/CVE-2018-16907.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16907",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16907",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2018/17xxx/CVE-2018-17110.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17110",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45328",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45328/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45328",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45328/"
}
]
}
}

32
2018/17xxx/CVE-2018-17222.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17222",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17222",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2018/17xxx/CVE-2018-17781.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "MISC",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "1041769",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041769"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Foxit PhantomPDF and Reader before 9.3 allow remote attackers to trigger Uninitialized Object Information Disclosure because creation of ArrayBuffer and DataView objects is mishandled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "MISC",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "1041769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041769"
}
]
}
}