admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:11:34 +00:00
parent feddeddd8c
commit d906fc0b31
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4064 additions and 4064 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
2003/0xxx/CVE-2003-0439.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0439",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2003-0439",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
}
]
}
}

380
2003/0xxx/CVE-2003-0466.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105967301604815&w=2"
},
{
"name" : "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name" : "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt",
"refsource" : "MISC",
"url" : "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name" : "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106002488209129&w=2"
},
{
"name" : "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106001702232325&w=2"
},
{
"name" : "RHSA-2003:245",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name" : "RHSA-2003:246",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name" : "1001257",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name" : "SuSE-SA:2003:032",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name" : "MDKSA-2003:080",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name" : "DSA-357",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-357"
},
{
"name" : "FreeBSD-SA-03:08",
"refsource" : "FREEBSD",
"url" : "http://marc.info/?l=bugtraq&m=106001410028809&w=2"
},
{
"name" : "NetBSD-SA2003-011.txt.asc",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name" : "TLSA-2003-46",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name" : "IMNX-2003-7+-019-01",
"refsource" : "IMMUNIX",
"url" : "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name" : "20060213 Latest wu-ftpd exploit :-s",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name" : "20060214 Re: Latest wu-ftpd exploit :-s",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name" : "VU#743092",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/743092"
},
{
"name" : "8315",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8315"
},
{
"name" : "6602",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6602"
},
{
"name" : "oval:org.mitre.oval:def:1970",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name" : "1007380",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1007380"
},
{
"name" : "9423",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/9423"
},
{
"name" : "9446",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/9446"
},
{
"name" : "9447",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/9447"
},
{
"name" : "9535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/9535"
},
{
"name" : "libc-realpath-offbyone-bo(12785)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106002488209129&w=2"
},
{
"name": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt",
"refsource": "MISC",
"url": "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt"
},
{
"name": "9446",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9446"
},
{
"name": "6602",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6602"
},
{
"name": "oval:org.mitre.oval:def:1970",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970"
},
{
"name": "20060213 Latest wu-ftpd exploit :-s",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/424852/100/0/threaded"
},
{
"name": "8315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8315"
},
{
"name": "9423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9423"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105967301604815&w=2"
},
{
"name": "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html"
},
{
"name": "IMNX-2003-7+-019-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01"
},
{
"name": "RHSA-2003:246",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-246.html"
},
{
"name": "20060214 Re: Latest wu-ftpd exploit :-s",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/425061/100/0/threaded"
},
{
"name": "VU#743092",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/743092"
},
{
"name": "RHSA-2003:245",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-245.html"
},
{
"name": "SuSE-SA:2003:032",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html"
},
{
"name": "1001257",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1"
},
{
"name": "DSA-357",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-357"
},
{
"name": "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106001702232325&w=2"
},
{
"name": "1007380",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007380"
},
{
"name": "MDKSA-2003:080",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080"
},
{
"name": "libc-realpath-offbyone-bo(12785)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785"
},
{
"name": "FreeBSD-SA-03:08",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq&m=106001410028809&w=2"
},
{
"name": "TLSA-2003-46",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-46.txt"
},
{
"name": "NetBSD-SA2003-011.txt.asc",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc"
},
{
"name": "9535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9535"
},
{
"name": "9447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9447"
}
]
}
}

270
2003/0xxx/CVE-2003-0544.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
"refsource" : "MISC",
"url" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
},
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
},
{
"name" : "RHSA-2003:291",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-291.html"
},
{
"name" : "RHSA-2003:292",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-292.html"
},
{
"name" : "ESA-20030930-027",
"refsource" : "ENGARDE",
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
},
{
"name" : "DSA-393",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-393"
},
{
"name" : "DSA-394",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-394"
},
{
"name" : "201029",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
},
{
"name" : "CA-2003-26",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2003-26.html"
},
{
"name" : "VU#380864",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/380864"
},
{
"name" : "8732",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8732"
},
{
"name" : "ADV-2006-3900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3900"
},
{
"name" : "oval:org.mitre.oval:def:4574",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574"
},
{
"name" : "22249",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22249"
},
{
"name" : "openssl-asn1-sslclient-dos(43041)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2003:292",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-292.html"
},
{
"name": "oval:org.mitre.oval:def:4574",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574"
},
{
"name": "VU#380864",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/380864"
},
{
"name": "openssl-asn1-sslclient-dos(43041)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041"
},
{
"name": "ADV-2006-3900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3900"
},
{
"name": "DSA-393",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-393"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247112"
},
{
"name": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm"
},
{
"name": "DSA-394",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-394"
},
{
"name": "RHSA-2003:291",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-291.html"
},
{
"name": "CA-2003-26",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-26.html"
},
{
"name": "22249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22249"
},
{
"name": "8732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8732"
},
{
"name": "201029",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893"
},
{
"name": "ESA-20030930-027",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html"
}
]
}
}

170
2003/0xxx/CVE-2003-0772.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030906 Remote and Local Vulnerabilities In WS_FTP Server",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106288825902868&w=2"
},
{
"name" : "VU#219140",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/219140"
},
{
"name" : "VU#792284",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/792284"
},
{
"name" : "8542",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8542"
},
{
"name" : "9671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/9671"
},
{
"name" : "wsftp-ftp-command-bo(13119)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030906 Remote and Local Vulnerabilities In WS_FTP Server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106288825902868&w=2"
},
{
"name": "8542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8542"
},
{
"name": "VU#219140",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/219140"
},
{
"name": "VU#792284",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/792284"
},
{
"name": "wsftp-ftp-command-bo(13119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13119"
},
{
"name": "9671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9671"
}
]
}
}

200
2003/0xxx/CVE-2003-0806.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS04-011",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011"
},
{
"name" : "TA04-104A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html"
},
{
"name" : "VU#471260",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/471260"
},
{
"name" : "O-114",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml"
},
{
"name" : "10126",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10126"
},
{
"name" : "oval:org.mitre.oval:def:1054",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1054"
},
{
"name" : "oval:org.mitre.oval:def:895",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A895"
},
{
"name" : "oval:org.mitre.oval:def:896",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A896"
},
{
"name" : "win-winlogon-bo(15702)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "O-114",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-114.shtml"
},
{
"name": "10126",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10126"
},
{
"name": "oval:org.mitre.oval:def:1054",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1054"
},
{
"name": "MS04-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011"
},
{
"name": "win-winlogon-bo(15702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15702"
},
{
"name": "oval:org.mitre.oval:def:896",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A896"
},
{
"name": "TA04-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html"
},
{
"name": "oval:org.mitre.oval:def:895",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A895"
},
{
"name": "VU#471260",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/471260"
}
]
}
}

170
2003/1xxx/CVE-2003-1336.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1336",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031015 mIRC Buffer Overflow in irc protocol handler",
"refsource" : "NTBUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0060.html"
},
{
"name" : "http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html"
},
{
"name" : "8819",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8819"
},
{
"name" : "2665",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/2665"
},
{
"name" : "9996",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/9996"
},
{
"name" : "mirc-ircprotocol-execute-code(13405)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031015 mIRC Buffer Overflow in irc protocol handler",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0060.html"
},
{
"name": "2665",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2665"
},
{
"name": "http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html"
},
{
"name": "9996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9996"
},
{
"name": "mirc-ircprotocol-execute-code(13405)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13405"
},
{
"name": "8819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8819"
}
]
}
}

200
2003/1xxx/CVE-2003-1545.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030325 PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316179/30/25340/threaded"
},
{
"name" : "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316198/30/25340/threaded"
},
{
"name" : "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316233/30/25340/threaded"
},
{
"name" : "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316341/30/25310/threaded"
},
{
"name" : "20030325 Re: PHPNuke viewpage.php and another SQL injections",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316209/30/25340/threaded"
},
{
"name" : "20030326 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316327/30/25340/threaded"
},
{
"name" : "20030327 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316585/30/25310/threaded"
},
{
"name" : "7191",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7191"
},
{
"name" : "1006377",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1006377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316341/30/25310/threaded"
},
{
"name": "20030325 Re: PHPNuke viewpage.php and another SQL injections",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316209/30/25340/threaded"
},
{
"name": "20030327 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316585/30/25310/threaded"
},
{
"name": "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316198/30/25340/threaded"
},
{
"name": "20030326 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316327/30/25340/threaded"
},
{
"name": "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316233/30/25340/threaded"
},
{
"name": "7191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7191"
},
{
"name": "1006377",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1006377"
},
{
"name": "20030325 PHPNuke viewpage.php allows Remote File retrieving",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316179/30/25340/threaded"
}
]
}
}

130
2003/1xxx/CVE-2003-1605.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://curl.haxx.se/docs/CVE-2003-1605.html",
"refsource" : "MISC",
"url" : "https://curl.haxx.se/docs/CVE-2003-1605.html"
},
{
"name" : "8432",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8432"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://curl.haxx.se/docs/CVE-2003-1605.html",
"refsource": "MISC",
"url": "https://curl.haxx.se/docs/CVE-2003-1605.html"
},
{
"name": "8432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8432"
}
]
}
}

160
2004/0xxx/CVE-2004-0188.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040227 Calife heap corrupt / potential local root exploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107789737832092&w=2"
},
{
"name" : "DSA-461",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-461"
},
{
"name" : "9756",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9756"
},
{
"name" : "9776",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9776"
},
{
"name" : "calife-long-password-bo(15335)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9756"
},
{
"name": "9776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9776"
},
{
"name": "DSA-461",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-461"
},
{
"name": "20040227 Calife heap corrupt / potential local root exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107789737832092&w=2"
},
{
"name": "calife-long-password-bo(15335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15335"
}
]
}
}

170
2004/0xxx/CVE-2004-0276.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of \"%\" characters and a missing Host field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040211 Denial of Service in Monkey httpd <= 0.8.1",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107652610506968&w=2"
},
{
"name" : "http://aluigi.altervista.org/poc/monkeydos.zip",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/poc/monkeydos.zip"
},
{
"name" : "http://monkeyd.sourceforge.net/",
"refsource" : "CONFIRM",
"url" : "http://monkeyd.sourceforge.net/"
},
{
"name" : "monkey-getrealstring-dos(15187)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15187"
},
{
"name" : "9642",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9642"
},
{
"name" : "3921",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3921"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of \"%\" characters and a missing Host field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "monkey-getrealstring-dos(15187)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15187"
},
{
"name": "20040211 Denial of Service in Monkey httpd <= 0.8.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107652610506968&w=2"
},
{
"name": "9642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9642"
},
{
"name": "http://aluigi.altervista.org/poc/monkeydos.zip",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/poc/monkeydos.zip"
},
{
"name": "http://monkeyd.sourceforge.net/",
"refsource": "CONFIRM",
"url": "http://monkeyd.sourceforge.net/"
},
{
"name": "3921",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3921"
}
]
}
}

150
2004/0xxx/CVE-2004-0437.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0437",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a \"LIST -L\" command, which causes Titan to access an invalid socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040505 Titan FTP Server Aborted LIST DoS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108378048513596&w=2"
},
{
"name" : "20040505 Titan FTP Server Aborted LIST DoS",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0025.html"
},
{
"name" : "http://www.securiteam.com/windowsntfocus/5RP0215CUU.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/5RP0215CUU.html"
},
{
"name" : "titan-list-command-dos(16057)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a \"LIST -L\" command, which causes Titan to access an invalid socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "titan-list-command-dos(16057)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16057"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5RP0215CUU.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5RP0215CUU.html"
},
{
"name": "20040505 Titan FTP Server Aborted LIST DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108378048513596&w=2"
},
{
"name": "20040505 Titan FTP Server Aborted LIST DoS",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q2/0025.html"
}
]
}
}

290
2004/0xxx/CVE-2004-0492.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040610 Buffer overflow in apache mod_proxy,yet still apache much better than windows",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html"
},
{
"name" : "http://www.guninski.com/modproxy1.html",
"refsource" : "MISC",
"url" : "http://www.guninski.com/modproxy1.html"
},
{
"name" : "20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108711172710140&w=2"
},
{
"name" : "DSA-525",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-525"
},
{
"name" : "FLSA:1737",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1737"
},
{
"name" : "HPSBOV02683",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name" : "SSRT090208",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name" : "MDKSA-2004:065",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:065"
},
{
"name" : "RHSA-2004:245",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2004-245.html"
},
{
"name" : "20040605-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name" : "57628",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1"
},
{
"name" : "101555",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1"
},
{
"name" : "101841",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1"
},
{
"name" : "VU#541310",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/541310"
},
{
"name" : "oval:org.mitre.oval:def:4863",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4863"
},
{
"name" : "oval:org.mitre.oval:def:100112",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100112"
},
{
"name" : "11841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11841"
},
{
"name" : "apache-modproxy-contentlength-bo(16387)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16387"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040611 [OpenPKG-SA-2004.029] OpenPKG Security Advisory (apache)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108711172710140&w=2"
},
{
"name": "FLSA:1737",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1737"
},
{
"name": "RHSA-2004:245",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2004-245.html"
},
{
"name": "SSRT090208",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name": "http://www.guninski.com/modproxy1.html",
"refsource": "MISC",
"url": "http://www.guninski.com/modproxy1.html"
},
{
"name": "57628",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1"
},
{
"name": "20040610 Buffer overflow in apache mod_proxy,yet still apache much better than windows",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html"
},
{
"name": "oval:org.mitre.oval:def:100112",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100112"
},
{
"name": "MDKSA-2004:065",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:065"
},
{
"name": "oval:org.mitre.oval:def:4863",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4863"
},
{
"name": "101555",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1"
},
{
"name": "20040605-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc"
},
{
"name": "DSA-525",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-525"
},
{
"name": "HPSBOV02683",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name": "VU#541310",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/541310"
},
{
"name": "101841",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1"
},
{
"name": "11841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11841"
},
{
"name": "apache-modproxy-contentlength-bo(16387)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16387"
}
]
}
}

150
2004/0xxx/CVE-2004-0787.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040906 OpenCA Security Advisory: Cross Site Scripting vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109448767123954&w=2"
},
{
"name" : "http://www.openca.org/news/CAN-2004-0787.txt",
"refsource" : "CONFIRM",
"url" : "http://www.openca.org/news/CAN-2004-0787.txt"
},
{
"name" : "openca-frontend-xss(17274)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17274"
},
{
"name" : "11113",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11113"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openca.org/news/CAN-2004-0787.txt",
"refsource": "CONFIRM",
"url": "http://www.openca.org/news/CAN-2004-0787.txt"
},
{
"name": "20040906 OpenCA Security Advisory: Cross Site Scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109448767123954&w=2"
},
{
"name": "11113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11113"
},
{
"name": "openca-frontend-xss(17274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17274"
}
]
}
}

150
2004/0xxx/CVE-2004-0950.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a \"custom\" HELO request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041119 Corsaire Security Advisory - Danware NetOp Host multiple information disclosure issues",
"refsource" : "BUGTRAQ",
"url" : "http://msgs.securepoint.com/cgi-bin/get/bugtraq0411/213.html"
},
{
"name" : "http://www.corsaire.com/advisories/c040619-001.txt",
"refsource" : "MISC",
"url" : "http://www.corsaire.com/advisories/c040619-001.txt"
},
{
"name" : "11710",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11710"
},
{
"name" : "danware-helo-obtain-information(18171)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18171"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a \"custom\" HELO request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.corsaire.com/advisories/c040619-001.txt",
"refsource": "MISC",
"url": "http://www.corsaire.com/advisories/c040619-001.txt"
},
{
"name": "danware-helo-obtain-information(18171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18171"
},
{
"name": "20041119 Corsaire Security Advisory - Danware NetOp Host multiple information disclosure issues",
"refsource": "BUGTRAQ",
"url": "http://msgs.securepoint.com/cgi-bin/get/bugtraq0411/213.html"
},
{
"name": "11710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11710"
}
]
}
}

140
2004/2xxx/CVE-2004-2004.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2004",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SuSE-SA:2004:011",
"refsource" : "SUSE",
"url" : "http://www.suse.de/de/security/2004_11_live_cd_91.html"
},
{
"name" : "10297",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10297"
},
{
"name" : "livecd-ssh-gain-access(16084)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10297"
},
{
"name": "SuSE-SA:2004:011",
"refsource": "SUSE",
"url": "http://www.suse.de/de/security/2004_11_live_cd_91.html"
},
{
"name": "livecd-ssh-gain-access(16084)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16084"
}
]
}
}

160
2004/2xxx/CVE-2004-2460.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an \"infinite\" Unique IDentification Listing (UIDL) list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gnubiff.sourceforge.net/changelog.php",
"refsource" : "CONFIRM",
"url" : "http://gnubiff.sourceforge.net/changelog.php"
},
{
"name" : "11123",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11123"
},
{
"name" : "9731",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/9731"
},
{
"name" : "12445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12445"
},
{
"name" : "gnubiff-pop3-dos(17282)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an \"infinite\" Unique IDentification Listing (UIDL) list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11123"
},
{
"name": "http://gnubiff.sourceforge.net/changelog.php",
"refsource": "CONFIRM",
"url": "http://gnubiff.sourceforge.net/changelog.php"
},
{
"name": "12445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12445"
},
{
"name": "gnubiff-pop3-dos(17282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17282"
},
{
"name": "9731",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9731"
}
]
}
}

170
2004/2xxx/CVE-2004-2562.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securiteam.com/windowsntfocus/5QP0M0ADGI.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/5QP0M0ADGI.html"
},
{
"name" : "http://www.lbehelpdesk.com/patch/web/history.txt",
"refsource" : "CONFIRM",
"url" : "http://www.lbehelpdesk.com/patch/web/history.txt"
},
{
"name" : "10773",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10773"
},
{
"name" : "8181",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8181"
},
{
"name" : "12123",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12123"
},
{
"name" : "webhelpdesk-jobedit-sql-injection(16779)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16779"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/windowsntfocus/5QP0M0ADGI.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5QP0M0ADGI.html"
},
{
"name": "12123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12123"
},
{
"name": "http://www.lbehelpdesk.com/patch/web/history.txt",
"refsource": "CONFIRM",
"url": "http://www.lbehelpdesk.com/patch/web/history.txt"
},
{
"name": "8181",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8181"
},
{
"name": "10773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10773"
},
{
"name": "webhelpdesk-jobedit-sql-injection(16779)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16779"
}
]
}
}

200
2008/2xxx/CVE-2008-2069.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080428 GroupWise 7.0 mailto: scheme buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491376/100/0/threaded"
},
{
"name" : "20080502 Re: GroupWise 7.0 mailto: scheme buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491576/100/0/threaded"
},
{
"name" : "20080504 Re: Re: GroupWise 7.0 mailto: scheme buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491594/100/0/threaded"
},
{
"name" : "5515",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5515"
},
{
"name" : "28969",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28969"
},
{
"name" : "ADV-2008-1393",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1393/references"
},
{
"name" : "1019942",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019942"
},
{
"name" : "3847",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3847"
},
{
"name" : "novell-groupwise-mailto-bo(42052)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42052"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080504 Re: Re: GroupWise 7.0 mailto: scheme buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491594/100/0/threaded"
},
{
"name": "3847",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3847"
},
{
"name": "20080502 Re: GroupWise 7.0 mailto: scheme buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491576/100/0/threaded"
},
{
"name": "20080428 GroupWise 7.0 mailto: scheme buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491376/100/0/threaded"
},
{
"name": "28969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28969"
},
{
"name": "1019942",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019942"
},
{
"name": "novell-groupwise-mailto-bo(42052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42052"
},
{
"name": "ADV-2008-1393",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1393/references"
},
{
"name": "5515",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5515"
}
]
}
}

200
2008/2xxx/CVE-2008-2256.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-2256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBST02360",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name" : "SSRT080117",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name" : "MS08-045",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045"
},
{
"name" : "TA08-225A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name" : "30611",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30611"
},
{
"name" : "oval:org.mitre.oval:def:5366",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5366"
},
{
"name" : "ADV-2008-2349",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2349"
},
{
"name" : "1020674",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020674"
},
{
"name" : "31375",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31375"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2349",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2349"
},
{
"name": "TA08-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html"
},
{
"name": "30611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30611"
},
{
"name": "1020674",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020674"
},
{
"name": "HPSBST02360",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "oval:org.mitre.oval:def:5366",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5366"
},
{
"name": "SSRT080117",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2"
},
{
"name": "MS08-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045"
},
{
"name": "31375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31375"
}
]
}
}

200
2008/2xxx/CVE-2008-2577.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name" : "ADV-2008-2115",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2115"
},
{
"name" : "ADV-2008-2109",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2109/references"
},
{
"name" : "1020498",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020498"
},
{
"name" : "31113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31113"
},
{
"name" : "31087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31087"
},
{
"name" : "oracle-weblogic-consolewlst-priv-escalation(43826)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2 MP1 has unknown impact and remote authenticated attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
},
{
"name": "ADV-2008-2115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2115"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
},
{
"name": "ADV-2008-2109",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2109/references"
},
{
"name": "oracle-weblogic-consolewlst-priv-escalation(43826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43826"
},
{
"name": "31087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31087"
},
{
"name": "31113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31113"
},
{
"name": "1020498",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020498"
}
]
}
}

160
2008/6xxx/CVE-2008-6268.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6974",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6974"
},
{
"name" : "32092",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32092"
},
{
"name" : "49718",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49718"
},
{
"name" : "32499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32499"
},
{
"name" : "webshop-detail-sql-injection(46369)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46369"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6974",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6974"
},
{
"name": "webshop-detail-sql-injection(46369)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46369"
},
{
"name": "49718",
"refsource": "OSVDB",
"url": "http://osvdb.org/49718"
},
{
"name": "32499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32499"
},
{
"name": "32092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32092"
}
]
}
}

140
2012/0xxx/CVE-2012-0017.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in inplview.aspx Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-0017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-011",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011"
},
{
"name" : "TA12-045A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-045A.html"
},
{
"name" : "oval:org.mitre.oval:def:14637",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka \"XSS in inplview.aspx Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-045A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html"
},
{
"name": "oval:org.mitre.oval:def:14637",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14637"
},
{
"name": "MS12-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-011"
}
]
}
}

140
2012/0xxx/CVE-2012-0104.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name" : "78417",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78417"
},
{
"name" : "sun-glassfishenterpriseserver-dos(72497)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sun-glassfishenterpriseserver-dos(72497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72497"
},
{
"name": "78417",
"refsource": "OSVDB",
"url": "http://osvdb.org/78417"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
}
]
}
}

170
2012/1xxx/CVE-2012-1520.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1520",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
},
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}

190
2012/1xxx/CVE-2012-1659.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name" : "http://drupal.org/node/1471940",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1471940"
},
{
"name" : "http://drupal.org/node/1471906",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1471906"
},
{
"name" : "http://drupalcode.org/project/noderecommendation.git/commit/55567d0",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/noderecommendation.git/commit/55567d0"
},
{
"name" : "52343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52343"
},
{
"name" : "79853",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/79853"
},
{
"name" : "48330",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48330"
},
{
"name" : "noderecommendation-unspecified-xss(73778)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "noderecommendation-unspecified-xss(73778)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73778"
},
{
"name": "http://drupal.org/node/1471906",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1471906"
},
{
"name": "48330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48330"
},
{
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "http://drupalcode.org/project/noderecommendation.git/commit/55567d0",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/noderecommendation.git/commit/55567d0"
},
{
"name": "52343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52343"
},
{
"name": "79853",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79853"
},
{
"name": "http://drupal.org/node/1471940",
"refsource": "MISC",
"url": "http://drupal.org/node/1471940"
}
]
}
}

210
2012/1xxx/CVE-2012-1956.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1956",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-59.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-59.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=756719",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=756719"
},
{
"name" : "RHSA-2012:1351",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html"
},
{
"name" : "SUSE-SU-2012:1167",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html"
},
{
"name" : "openSUSE-SU-2012:1065",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html"
},
{
"name" : "SUSE-SU-2012:1157",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html"
},
{
"name" : "USN-1548-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1548-2"
},
{
"name" : "USN-1548-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1548-1"
},
{
"name" : "55260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55260"
},
{
"name" : "oval:org.mitre.oval:def:16367",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16367"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16367",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16367"
},
{
"name": "RHSA-2012:1351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=756719",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=756719"
},
{
"name": "55260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55260"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-59.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-59.html"
},
{
"name": "USN-1548-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1548-1"
},
{
"name": "USN-1548-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1548-2"
},
{
"name": "SUSE-SU-2012:1167",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html"
},
{
"name": "SUSE-SU-2012:1157",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html"
},
{
"name": "openSUSE-SU-2012:1065",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html"
}
]
}
}

130
2012/5xxx/CVE-2012-5328.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=492859@mingle-forum&old=487353@mingle-forum",
"refsource" : "CONFIRM",
"url" : "http://plugins.trac.wordpress.org/changeset?reponame=&new=492859@mingle-forum&old=487353@mingle-forum"
},
{
"name" : "http://wordpress.org/extend/plugins/mingle-forum/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/mingle-forum/changelog/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/extend/plugins/mingle-forum/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/mingle-forum/changelog/"
},
{
"name": "http://plugins.trac.wordpress.org/changeset?reponame=&new=492859@mingle-forum&old=487353@mingle-forum",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?reponame=&new=492859@mingle-forum&old=487353@mingle-forum"
}
]
}
}

34
2012/5xxx/CVE-2012-5396.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5396",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5396",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/5xxx/CVE-2012-5418.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5418",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5418",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

480
2012/5xxx/CVE-2012-5829.json
View File

@ -1,242 +1,242 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
},
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=792305",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=792305"
},
{
"name" : "DSA-2583",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2583"
},
{
"name" : "DSA-2584",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2584"
},
{
"name" : "DSA-2588",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2588"
},
{
"name" : "MDVSA-2012:173",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
},
{
"name" : "RHSA-2012:1482",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
},
{
"name" : "RHSA-2012:1483",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
},
{
"name" : "openSUSE-SU-2012:1583",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"name" : "openSUSE-SU-2012:1585",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name" : "openSUSE-SU-2012:1586",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"name" : "SUSE-SU-2012:1592",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"name" : "SUSE-SU-2013:0048",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
},
{
"name" : "SUSE-SU-2013:0049",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
},
{
"name" : "openSUSE-SU-2013:0131",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
},
{
"name" : "openSUSE-SU-2013:0149",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
},
{
"name" : "openSUSE-SU-2013:0175",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"name" : "USN-1638-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"name" : "USN-1638-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-3"
},
{
"name" : "USN-1638-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-2"
},
{
"name" : "USN-1636-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1636-1"
},
{
"name" : "USN-1681-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1681-1"
},
{
"name" : "USN-1681-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1681-2"
},
{
"name" : "USN-1681-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1681-4"
},
{
"name" : "56636",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56636"
},
{
"name" : "87608",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/87608"
},
{
"name" : "oval:org.mitre.oval:def:16849",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16849"
},
{
"name" : "51359",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51359"
},
{
"name" : "51360",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51360"
},
{
"name" : "51369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51369"
},
{
"name" : "51381",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51381"
},
{
"name" : "51434",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51434"
},
{
"name" : "51439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51439"
},
{
"name" : "51440",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51440"
},
{
"name" : "51370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51370"
},
{
"name" : "firefox-onexposeevent-bo(80195)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80195"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1638-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-3"
},
{
"name": "51370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51370"
},
{
"name": "USN-1638-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-2"
},
{
"name": "SUSE-SU-2013:0048",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
},
{
"name": "openSUSE-SU-2012:1586",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"name": "USN-1636-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1636-1"
},
{
"name": "openSUSE-SU-2013:0175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"name": "oval:org.mitre.oval:def:16849",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16849"
},
{
"name": "RHSA-2012:1483",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
},
{
"name": "openSUSE-SU-2013:0131",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
},
{
"name": "DSA-2584",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2584"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-02.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=792305",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792305"
},
{
"name": "RHSA-2012:1482",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
},
{
"name": "87608",
"refsource": "OSVDB",
"url": "http://osvdb.org/87608"
},
{
"name": "51434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51434"
},
{
"name": "openSUSE-SU-2012:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"name": "USN-1681-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-4"
},
{
"name": "51439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51439"
},
{
"name": "51440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51440"
},
{
"name": "USN-1638-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"name": "56636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56636"
},
{
"name": "SUSE-SU-2013:0049",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
},
{
"name": "USN-1681-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-1"
},
{
"name": "SUSE-SU-2012:1592",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"name": "51359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51359"
},
{
"name": "MDVSA-2012:173",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
},
{
"name": "openSUSE-SU-2013:0149",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
},
{
"name": "openSUSE-SU-2012:1585",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name": "firefox-onexposeevent-bo(80195)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80195"
},
{
"name": "51381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51381"
},
{
"name": "DSA-2583",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2583"
},
{
"name": "USN-1681-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-2"
},
{
"name": "51369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51369"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
},
{
"name": "51360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51360"
},
{
"name": "DSA-2588",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2588"
}
]
}
}

130
2017/11xxx/CVE-2017-11728.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in-opcode_32.html",
"refsource" : "MISC",
"url" : "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in-opcode_32.html"
},
{
"name" : "https://github.com/libming/libming/issues/82",
"refsource" : "MISC",
"url" : "https://github.com/libming/libming/issues/82"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libming/libming/issues/82",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/82"
},
{
"name": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in-opcode_32.html",
"refsource": "MISC",
"url": "http://somevulnsofadlab.blogspot.jp/2017/07/libmingheap-buffer-overflow-in-opcode_32.html"
}
]
}
}

142
2017/11xxx/CVE-2017-11805.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00",
"ID" : "CVE-2017-11805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ChakraCore, Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore, Microsoft Windows 10 1703."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-11805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ChakraCore, Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "ChakraCore, Microsoft Windows 10 1703."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11805",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11805"
},
{
"name" : "101132",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101132"
},
{
"name" : "1039529",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11805",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11805"
},
{
"name": "1039529",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039529"
},
{
"name": "101132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101132"
}
]
}
}

170
2017/3xxx/CVE-2017-3064.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 25.0.0.127 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 25.0.0.127 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 25.0.0.127 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42019",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42019/"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name" : "GLSA-201704-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201704-04"
},
{
"name" : "RHSA-2017:0934",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name" : "97557",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97557"
},
{
"name" : "1038225",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038225"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201704-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-04"
},
{
"name": "1038225",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038225"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-10.html"
},
{
"name": "97557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97557"
},
{
"name": "RHSA-2017:0934",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0934"
},
{
"name": "42019",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42019/"
}
]
}
}

160
2017/3xxx/CVE-2017-3112.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3112",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 27.0.0.183 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 27.0.0.183 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds Read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 27.0.0.183 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 27.0.0.183 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html"
},
{
"name" : "GLSA-201711-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201711-13"
},
{
"name" : "RHSA-2017:3222",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3222"
},
{
"name" : "101837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101837"
},
{
"name" : "1039778",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-33.html"
},
{
"name": "RHSA-2017:3222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3222"
},
{
"name": "GLSA-201711-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-13"
},
{
"name": "101837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101837"
},
{
"name": "1039778",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039778"
}
]
}
}

150
2017/3xxx/CVE-2017-3222.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"ID" : "CVE-2017-3222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AmosConnect",
"version" : {
"version_data" : [
{
"version_value" : "8.0, 8.0.1, 8.0.2, 8.2.0, 8.2.1, 8.2.2, 8.3.0, 8.3.1, 8.4.0, 8.4.0.1"
}
]
}
}
]
},
"vendor_name" : "Inmarsat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-798"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2017-3222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AmosConnect",
"version": {
"version_data": [
{
"version_value": "8.0, 8.0.1, 8.0.2, 8.2.0, 8.2.1, 8.2.2, 8.3.0, 8.3.1, 8.4.0, 8.4.0.1"
}
]
}
}
]
},
"vendor_name": "Inmarsat"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/",
"refsource" : "MISC",
"url" : "http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/"
},
{
"name" : "https://twitter.com/mkolsek/status/923988845783322625",
"refsource" : "MISC",
"url" : "https://twitter.com/mkolsek/status/923988845783322625"
},
{
"name" : "VU#586501",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/586501"
},
{
"name" : "99899",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/",
"refsource": "MISC",
"url": "http://www.inmarsat.com/news/inmarsat-response-to-ioactive-claims/"
},
{
"name": "99899",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99899"
},
{
"name": "https://twitter.com/mkolsek/status/923988845783322625",
"refsource": "MISC",
"url": "https://twitter.com/mkolsek/status/923988845783322625"
},
{
"name": "VU#586501",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/586501"
}
]
}
}

180
2017/7xxx/CVE-2017-7055.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207921",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207921"
},
{
"name" : "https://support.apple.com/HT207923",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207923"
},
{
"name" : "https://support.apple.com/HT207924",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207924"
},
{
"name" : "https://support.apple.com/HT207927",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207927"
},
{
"name" : "https://support.apple.com/HT207928",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207928"
},
{
"name" : "99885",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99885"
},
{
"name" : "1038950",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038950"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99885"
},
{
"name": "https://support.apple.com/HT207927",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207927"
},
{
"name": "https://support.apple.com/HT207924",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207924"
},
{
"name": "https://support.apple.com/HT207928",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207928"
},
{
"name": "https://support.apple.com/HT207921",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207921"
},
{
"name": "https://support.apple.com/HT207923",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207923"
},
{
"name": "1038950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038950"
}
]
}
}

140
2017/7xxx/CVE-2017-7074.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"AppSandbox\" component. It allows attackers to cause a denial of service via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208144",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208144"
},
{
"name" : "100993",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100993"
},
{
"name" : "1039427",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039427"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"AppSandbox\" component. It allows attackers to cause a denial of service via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100993"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
}
]
}
}

140
2017/8xxx/CVE-2017-8000.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"ID" : "CVE-2017-8000",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RSA Authentication Manager 8.2 SP1 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "RSA Authentication Manager 8.2 SP1 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stored Cross-Site Scripting Vulnerabilities"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2017-8000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA Authentication Manager 8.2 SP1 and earlier",
"version": {
"version_data": [
{
"version_value": "RSA Authentication Manager 8.2 SP1 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2017/Jul/25",
"refsource" : "CONFIRM",
"url" : "http://seclists.org/fulldisclosure/2017/Jul/25"
},
{
"name" : "99572",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99572"
},
{
"name" : "1038878",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038878"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting Vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038878",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038878"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/25",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Jul/25"
},
{
"name": "99572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99572"
}
]
}
}

152
2017/8xxx/CVE-2017-8585.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft .NET Framework"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7",
"version": {
"version_data": [
{
"version_value": "Microsoft .NET Framework"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8585",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8585"
},
{
"name" : "RHSA-2017:3248",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3248"
},
{
"name" : "99432",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99432"
},
{
"name" : "1038864",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038864"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038864",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038864"
},
{
"name": "99432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99432"
},
{
"name": "RHSA-2017:3248",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3248"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8585",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8585"
}
]
}
}

132
2017/8xxx/CVE-2017-8745.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-09-12T00:00:00",
"ID" : "CVE-2017-8745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft SharePoint Foundation 2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Cross Site Scripting Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-09-12T00:00:00",
"ID": "CVE-2017-8745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "Microsoft SharePoint Foundation 2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745"
},
{
"name" : "100753",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100753"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Cross Site Scripting Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100753"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8745"
}
]
}
}

34
2018/10xxx/CVE-2018-10247.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10247",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10247",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/10xxx/CVE-2018-10526.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10526",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10526",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/10xxx/CVE-2018-10554.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html",
"refsource" : "MISC",
"url" : "http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable via CSRF in (1) the Schedule New Report screen via the hour, minute, or ampm parameter, related to components/scheduledreporting; (2) includes/components/xicore/downtime.php, related to the update_pages function; (3) the ajaxhelper.php opts or background parameter; (4) the i[] array parameter to ajax_handler.php; or (5) the deploynotification.php title parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html",
"refsource": "MISC",
"url": "http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html"
}
]
}
}

150
2018/10xxx/CVE-2018-10689.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10689",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
"refsource" : "MISC",
"url" : "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
},
{
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
"refsource" : "MISC",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
},
{
"name" : "https://www.spinics.net/lists/linux-btrace/msg00847.html",
"refsource" : "MISC",
"url" : "https://www.spinics.net/lists/linux-btrace/msg00847.html"
},
{
"name" : "104142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104142"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt program with a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.spinics.net/lists/linux-btrace/msg00847.html",
"refsource": "MISC",
"url": "https://www.spinics.net/lists/linux-btrace/msg00847.html"
},
{
"name": "104142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104142"
},
{
"name": "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
"refsource": "MISC",
"url": "http://git.kernel.dk/?p=blktrace.git;a=log;h=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7"
}
]
}
}

140
2018/10xxx/CVE-2018-10751.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44724",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44724/"
},
{
"name" : "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html"
},
{
"name" : "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource" : "CONFIRM",
"url" : "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44724",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44724/"
},
{
"name": "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147841/Samsung-Galaxy-S7-Edge-OMACP-WbXml-String-Extension-Processing-Overflow.html"
},
{
"name": "https://security.samsungmobile.com/securityUpdate.smsb",
"refsource": "CONFIRM",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
}
]
}
}

140
2018/12xxx/CVE-2018-12811.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "memory corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6",
"version": {
"version_data": [
{
"version_value": "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html"
},
{
"name" : "105123",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105123"
},
{
"name" : "1041599",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041599"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Photoshop CC 2018 before 19.1.6 and Photoshop CC 2017 before 18.1.6 have a memory corruption vulnerability. Successful exploitation could lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memory corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105123",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105123"
},
{
"name": "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb18-28.html"
},
{
"name": "1041599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041599"
}
]
}
}

150
2018/12xxx/CVE-2018-12826.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 30.0.0.134 and earlier",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 30.0.0.134 and earlier"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 30.0.0.134 and earlier",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 30.0.0.134 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html"
},
{
"name" : "RHSA-2018:2435",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2435"
},
{
"name" : "105066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105066"
},
{
"name" : "1041448",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041448"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105066"
},
{
"name": "RHSA-2018:2435",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2435"
},
{
"name": "1041448",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041448"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-25.html"
}
]
}
}

120
2018/13xxx/CVE-2018-13321.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the \"method\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d",
"refsource" : "MISC",
"url" : "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the \"method\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d"
}
]
}
}

34
2018/13xxx/CVE-2018-13430.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13430",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13430",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/13xxx/CVE-2018-13554.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyTreeToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyTreeToken"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for MoneyTree (TREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyTreeToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoneyTreeToken"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}

34
2018/17xxx/CVE-2018-17262.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17262",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17262",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

130
2018/9xxx/CVE-2018-9562.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2018-9562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-9"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2018-9562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-12-01"
},
{
"name" : "106147",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106147"
},
{
"name": "https://source.android.com/security/bulletin/2018-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-12-01"
}
]
}
}

34
2018/9xxx/CVE-2018-9749.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9749",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9749",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}