admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:44:46 +00:00
parent 961329a2cf
commit f1eaf594dc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
46 changed files with 3016 additions and 3016 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2003/1xxx/CVE-2003-1251.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1251",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030102 N/X (PHP)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0005.html"
},
{
"name" : "7808",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/7808"
},
{
"name" : "nx-file-include(10969)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10969.php"
},
{
"name" : "6500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6500"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nx-file-include(10969)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10969.php"
},
{
"name": "20030102 N/X (PHP)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0005.html"
},
{
"name": "6500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6500"
},
{
"name": "7808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7808"
}
]
}
}

34
2004/0xxx/CVE-2004-0144.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0144",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2004-0144",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2004. Notes: none."
}
]
}
}

230
2004/0xxx/CVE-2004-0156.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-485",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-485"
},
{
"name" : "GLSA-200404-18",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200404-18.xml"
},
{
"name" : "20040507 [OpenPKG-SA-2004.020] OpenPKG Security Advisory (ssmtp)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108403772130855&w=2"
},
{
"name" : "10150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10150"
},
{
"name" : "5360",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5360"
},
{
"name" : "5361",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5361"
},
{
"name" : "1009788",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009788"
},
{
"name" : "11378",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11378"
},
{
"name" : "11384",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11384"
},
{
"name" : "11485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11485"
},
{
"name" : "11571",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11571"
},
{
"name" : "ssmtp-die-logevent-format-string(15872)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15872"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11571"
},
{
"name": "DSA-485",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-485"
},
{
"name": "20040507 [OpenPKG-SA-2004.020] OpenPKG Security Advisory (ssmtp)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108403772130855&w=2"
},
{
"name": "11384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11384"
},
{
"name": "1009788",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009788"
},
{
"name": "11378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11378"
},
{
"name": "5360",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5360"
},
{
"name": "5361",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5361"
},
{
"name": "10150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10150"
},
{
"name": "GLSA-200404-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200404-18.xml"
},
{
"name": "ssmtp-die-logevent-format-string(15872)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15872"
},
{
"name": "11485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11485"
}
]
}
}

130
2004/0xxx/CVE-2004-0740.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040720 Denial of Service vulnerability in several Lexmark HTTP servers",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109035701329111&w=2"
},
{
"name" : "lexmark-long-host-bo(16752)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16752"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lexmark-long-host-bo(16752)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16752"
},
{
"name": "20040720 Denial of Service vulnerability in several Lexmark HTTP servers",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109035701329111&w=2"
}
]
}
}

180
2004/0xxx/CVE-2004-0952.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0952",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050816 Corsaire Security Advisory: HP Ignite-UX filesystem permissions issue",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112420609211136&w=2"
},
{
"name" : "HPSBUX01219",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=112422597529112&w=2"
},
{
"name" : "SSRT4874",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=112422597529112&w=2"
},
{
"name" : "oval:org.mitre.oval:def:5775",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5775"
},
{
"name" : "1014711",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014711"
},
{
"name" : "16456",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16456/"
},
{
"name" : "hpigniteux-addnewclient-gain-access(21857)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX01219",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=112422597529112&w=2"
},
{
"name": "oval:org.mitre.oval:def:5775",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5775"
},
{
"name": "hpigniteux-addnewclient-gain-access(21857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21857"
},
{
"name": "20050816 Corsaire Security Advisory: HP Ignite-UX filesystem permissions issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112420609211136&w=2"
},
{
"name": "16456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16456/"
},
{
"name": "1014711",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014711"
},
{
"name": "SSRT4874",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=112422597529112&w=2"
}
]
}
}

160
2004/1xxx/CVE-2004-1004.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1004",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-639",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-639"
},
{
"name" : "GLSA-200502-24",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml"
},
{
"name" : "RHSA-2005:217",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-217.html"
},
{
"name" : "13863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13863/"
},
{
"name" : "midnightcommander-format-string(18902)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18902"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13863/"
},
{
"name": "midnightcommander-format-string(18902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18902"
},
{
"name": "RHSA-2005:217",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-217.html"
},
{
"name": "DSA-639",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-639"
},
{
"name": "GLSA-200502-24",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml"
}
]
}
}

160
2004/1xxx/CVE-2004-1089.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2004-12-02",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
},
{
"name" : "P-049",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/p-049.shtml"
},
{
"name" : "11802",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11802"
},
{
"name" : "13362",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13362/"
},
{
"name" : "cyrus-kerberos-gain-access(18351)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18351"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11802"
},
{
"name": "13362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13362/"
},
{
"name": "APPLE-SA-2004-12-02",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Dec/msg00000.html"
},
{
"name": "cyrus-kerberos-gain-access(18351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18351"
},
{
"name": "P-049",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-049.shtml"
}
]
}
}

160
2004/1xxx/CVE-2004-1470.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040914 ADVISORY: http response splitting in snipsnap",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109518773223511&w=2"
},
{
"name" : "http://www.snipsnap.org/space/start",
"refsource" : "CONFIRM",
"url" : "http://www.snipsnap.org/space/start"
},
{
"name" : "GLSA-200409-23",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200409-23.xml"
},
{
"name" : "11180",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11180"
},
{
"name" : "snipsnap-response-splitting(17364)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17364"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "snipsnap-response-splitting(17364)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17364"
},
{
"name": "11180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11180"
},
{
"name": "GLSA-200409-23",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-23.xml"
},
{
"name": "20040914 ADVISORY: http response splitting in snipsnap",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109518773223511&w=2"
},
{
"name": "http://www.snipsnap.org/space/start",
"refsource": "CONFIRM",
"url": "http://www.snipsnap.org/space/start"
}
]
}
}

150
2004/1xxx/CVE-2004-1979.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1979",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040501 Props 0.6.1 XSS and Remote File Viewing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108342671616155&w=2"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=29581&release_id=234433",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=29581&release_id=234433"
},
{
"name" : "10258",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10258"
},
{
"name" : "props-dosearch-xss(16035)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16035"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "props-dosearch-xss(16035)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16035"
},
{
"name": "10258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10258"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=29581&release_id=234433",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=29581&release_id=234433"
},
{
"name": "20040501 Props 0.6.1 XSS and Remote File Viewing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108342671616155&w=2"
}
]
}
}

170
2004/2xxx/CVE-2004-2263.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securiteam.com/unixfocus/5UP0F2ADPS.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/unixfocus/5UP0F2ADPS.html"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=254915",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=254915"
},
{
"name" : "10970",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10970"
},
{
"name" : "8984",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8984"
},
{
"name" : "1010984",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1010984"
},
{
"name" : "playsms-valid-sql-injection(17031)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17031"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "playsms-valid-sql-injection(17031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17031"
},
{
"name": "http://www.securiteam.com/unixfocus/5UP0F2ADPS.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5UP0F2ADPS.html"
},
{
"name": "8984",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8984"
},
{
"name": "10970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10970"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=254915",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=254915"
},
{
"name": "1010984",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010984"
}
]
}
}

170
2004/2xxx/CVE-2004-2278.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://chaogic.com/vhost/ChangeLog.txt",
"refsource" : "CONFIRM",
"url" : "http://chaogic.com/vhost/ChangeLog.txt"
},
{
"name" : "9860",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9860"
},
{
"name" : "4207",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4207"
},
{
"name" : "1009404",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009404"
},
{
"name" : "11113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11113"
},
{
"name" : "vhost-xss(15446)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15446"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9860"
},
{
"name": "vhost-xss(15446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15446"
},
{
"name": "11113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11113"
},
{
"name": "1009404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009404"
},
{
"name": "http://chaogic.com/vhost/ChangeLog.txt",
"refsource": "CONFIRM",
"url": "http://chaogic.com/vhost/ChangeLog.txt"
},
{
"name": "4207",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4207"
}
]
}
}

160
2004/2xxx/CVE-2004-2369.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt",
"refsource" : "MISC",
"url" : "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
},
{
"name" : "9900",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9900"
},
{
"name" : "11143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11143/"
},
{
"name" : "lotus-dotdot-file-creation(15503)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15503"
},
{
"name" : "lotus-webadmin-file-disclosure(15504)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11143/"
},
{
"name": "9900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9900"
},
{
"name": "lotus-webadmin-file-disclosure(15504)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15504"
},
{
"name": "lotus-dotdot-file-creation(15503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15503"
},
{
"name": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt",
"refsource": "MISC",
"url": "http://members.lycos.co.uk/r34ct/main/ibm_lotus_domino/lotus.txt"
}
]
}
}

190
2008/2xxx/CVE-2008-2333.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080522 IRM Security Advisory : Barracuda Networks Spam Firewall Cross-Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492475/100/0/threaded"
},
{
"name" : "http://www.irmplc.com/index.php/168-Advisory-027",
"refsource" : "MISC",
"url" : "http://www.irmplc.com/index.php/168-Advisory-027"
},
{
"name" : "http://www.barracudanetworks.com/ns/support/tech_alert.php",
"refsource" : "CONFIRM",
"url" : "http://www.barracudanetworks.com/ns/support/tech_alert.php"
},
{
"name" : "29340",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29340"
},
{
"name" : "1020108",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020108"
},
{
"name" : "30362",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30362"
},
{
"name" : "ADV-2008-1627",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1627/references"
},
{
"name" : "barracuda-email-xss(42594)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42594"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1627",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1627/references"
},
{
"name": "20080522 IRM Security Advisory : Barracuda Networks Spam Firewall Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492475/100/0/threaded"
},
{
"name": "29340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29340"
},
{
"name": "barracuda-email-xss(42594)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42594"
},
{
"name": "1020108",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020108"
},
{
"name": "http://www.barracudanetworks.com/ns/support/tech_alert.php",
"refsource": "CONFIRM",
"url": "http://www.barracudanetworks.com/ns/support/tech_alert.php"
},
{
"name": "30362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30362"
},
{
"name": "http://www.irmplc.com/index.php/168-Advisory-027",
"refsource": "MISC",
"url": "http://www.irmplc.com/index.php/168-Advisory-027"
}
]
}
}

140
2008/2xxx/CVE-2008-2629.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5724",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5724"
},
{
"name" : "29495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29495"
},
{
"name" : "plog-index-sql-injection(42808)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42808"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29495"
},
{
"name": "5724",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5724"
},
{
"name": "plog-index-sql-injection(42808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42808"
}
]
}
}

140
2008/2xxx/CVE-2008-2770.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5787",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5787"
},
{
"name" : "29671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29671"
},
{
"name" : "mycrocms-entryid-sql-injection(43002)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43002"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29671"
},
{
"name": "5787",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5787"
},
{
"name": "mycrocms-entryid-sql-injection(43002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43002"
}
]
}
}

160
2008/6xxx/CVE-2008-6557.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080321 webutil.pl is still vulnerable against Remote Command Execution.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489961/100/0/threaded"
},
{
"name" : "28393",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28393"
},
{
"name" : "51181",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51181"
},
{
"name" : "webutil-shell-command-execution(41400)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41400"
},
{
"name" : "webutil-details-command-execution(49821)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49821"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080321 webutil.pl is still vulnerable against Remote Command Execution.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489961/100/0/threaded"
},
{
"name": "28393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28393"
},
{
"name": "51181",
"refsource": "OSVDB",
"url": "http://osvdb.org/51181"
},
{
"name": "webutil-shell-command-execution(41400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41400"
},
{
"name": "webutil-details-command-execution(49821)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49821"
}
]
}
}

180
2008/6xxx/CVE-2008-6579.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to \"web resources to phones and administrators.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.voipshield.com/research-details.php?id=28",
"refsource" : "MISC",
"url" : "http://www.voipshield.com/research-details.php?id=28"
},
{
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455",
"refsource" : "CONFIRM",
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455"
},
{
"name" : "28691",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28691"
},
{
"name" : "44377",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/44377"
},
{
"name" : "1019846",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019846"
},
{
"name" : "29747",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29747"
},
{
"name" : "nortel-web-application-info-disclosure(41805)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41805"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to \"web resources to phones and administrators.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=713455"
},
{
"name": "nortel-web-application-info-disclosure(41805)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41805"
},
{
"name": "44377",
"refsource": "OSVDB",
"url": "http://osvdb.org/44377"
},
{
"name": "29747",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29747"
},
{
"name": "1019846",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019846"
},
{
"name": "28691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28691"
},
{
"name": "http://www.voipshield.com/research-details.php?id=28",
"refsource": "MISC",
"url": "http://www.voipshield.com/research-details.php?id=28"
}
]
}
}

160
2008/7xxx/CVE-2008-7165.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for requests that disable Wi-Fi encryption via certain values for the wlChannel and wlRadioEnable parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080121 Flaw in Alice gate2 pluswifi adsl modem",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486733/100/200/threaded"
},
{
"name" : "27374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27374"
},
{
"name" : "40739",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40739"
},
{
"name" : "28618",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28618"
},
{
"name" : "alicegate2pluswifi-cp06wifimnocifr-csrf(39831)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39831"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the administrator panel in TELECOM ITALIA Alice Gate2 Plus Wi-Fi allows remote attackers to hijack the authentication of administrators for requests that disable Wi-Fi encryption via certain values for the wlChannel and wlRadioEnable parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40739",
"refsource": "OSVDB",
"url": "http://osvdb.org/40739"
},
{
"name": "27374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27374"
},
{
"name": "alicegate2pluswifi-cp06wifimnocifr-csrf(39831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39831"
},
{
"name": "20080121 Flaw in Alice gate2 pluswifi adsl modem",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486733/100/200/threaded"
},
{
"name": "28618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28618"
}
]
}
}

130
2012/5xxx/CVE-2012-5234.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm",
"refsource" : "CONFIRM",
"url" : "http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm"
},
{
"name" : "http://ocportal.com/site/news/view/ocportal-security-update.htm",
"refsource" : "CONFIRM",
"url" : "http://ocportal.com/site/news/view/ocportal-security-update.htm"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in index.php in ocPortal before 7.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ocportal.com/site/news/view/ocportal-security-update.htm",
"refsource": "CONFIRM",
"url": "http://ocportal.com/site/news/view/ocportal-security-update.htm"
},
{
"name": "http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm",
"refsource": "CONFIRM",
"url": "http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm"
}
]
}
}

180
2012/5xxx/CVE-2012-5522.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121114 Re: CVE request: mantis before 1.2.12",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/11/14/1"
},
{
"name" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=150",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/changelog_page.php?version_id=150"
},
{
"name" : "http://www.mantisbt.org/bugs/view.php?id=14496",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/view.php?id=14496"
},
{
"name" : "FEDORA-2012-18273",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html"
},
{
"name" : "FEDORA-2012-18294",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html"
},
{
"name" : "FEDORA-2012-18299",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html"
},
{
"name" : "56520",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56520"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2012-18299",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093063.html"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=14496",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=14496"
},
{
"name": "56520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56520"
},
{
"name": "[oss-security] 20121114 Re: CVE request: mantis before 1.2.12",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/14/1"
},
{
"name": "FEDORA-2012-18294",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093064.html"
},
{
"name": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=150",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/changelog_page.php?version_id=150"
},
{
"name": "FEDORA-2012-18273",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092926.html"
}
]
}
}

150
2012/5xxx/CVE-2012-5556.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"name" : "http://drupal.org/node/1840740",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1840740"
},
{
"name" : "http://drupal.org/node/1840722",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1840722"
},
{
"name" : "http://drupal.org/node/1840728",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1840728"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and 7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to hijack the authentication of arbitrary users via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1840740",
"refsource": "MISC",
"url": "http://drupal.org/node/1840740"
},
{
"name": "http://drupal.org/node/1840722",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1840722"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"name": "http://drupal.org/node/1840728",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1840728"
}
]
}
}

150
2012/5xxx/CVE-2012-5875.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121219 Firefly MediaServer Multiple Remote DoS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0115.html"
},
{
"name" : "23574",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/23574"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23129",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23129"
},
{
"name" : "1027917",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027917"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121219 Firefly MediaServer Multiple Remote DoS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0115.html"
},
{
"name": "23574",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/23574"
},
{
"name": "https://www.htbridge.com/advisory/HTB23129",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23129"
},
{
"name": "1027917",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027917"
}
]
}
}

34
2017/11xxx/CVE-2017-11963.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11963",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11963",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/15xxx/CVE-2017-15006.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15006",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15006",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2017/15xxx/CVE-2017-15091.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-11-27T00:00:00",
"ID" : "CVE-2017-15091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PowerDNS Authoritative",
"version" : {
"version_data" : [
{
"version_value" : "4.x up to and including 4.0.4"
},
{
"version_value" : "3.x up to and including 3.4.11"
}
]
}
}
]
},
"vendor_name" : "PowerDNS"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-863"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-11-27T00:00:00",
"ID": "CVE-2017-15091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerDNS Authoritative",
"version": {
"version_data": [
{
"version_value": "4.x up to and including 4.0.4"
},
{
"version_value": "3.x up to and including 3.4.11"
}
]
}
}
]
},
"vendor_name": "PowerDNS"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html",
"refsource" : "CONFIRM",
"url" : "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
},
{
"name" : "101982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101982"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101982"
},
{
"name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html",
"refsource": "CONFIRM",
"url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html"
}
]
}
}

140
2017/15xxx/CVE-2017-15215.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2017/10/07/2",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/10/07/2"
},
{
"name" : "https://github.com/shaarli/Shaarli/pull/987",
"refsource" : "MISC",
"url" : "https://github.com/shaarli/Shaarli/pull/987"
},
{
"name" : "https://github.com/shaarli/Shaarli/releases/tag/v0.9.2",
"refsource" : "MISC",
"url" : "https://github.com/shaarli/Shaarli/releases/tag/v0.9.2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/shaarli/Shaarli/pull/987",
"refsource": "MISC",
"url": "https://github.com/shaarli/Shaarli/pull/987"
},
{
"name": "http://openwall.com/lists/oss-security/2017/10/07/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/10/07/2"
},
{
"name": "https://github.com/shaarli/Shaarli/releases/tag/v0.9.2",
"refsource": "MISC",
"url": "https://github.com/shaarli/Shaarli/releases/tag/v0.9.2"
}
]
}
}

130
2017/15xxx/CVE-2017-15379.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42980",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42980/"
},
{
"name" : "http://whiteboyz.xyz/esic-software-publico-autentication-bypass.html",
"refsource" : "MISC",
"url" : "http://whiteboyz.xyz/esic-software-publico-autentication-bypass.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://whiteboyz.xyz/esic-software-publico-autentication-bypass.html",
"refsource": "MISC",
"url": "http://whiteboyz.xyz/esic-software-publico-autentication-bypass.html"
},
{
"name": "42980",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42980/"
}
]
}
}

34
2017/15xxx/CVE-2017-15451.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15451",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15451",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

140
2017/3xxx/CVE-2017-3301.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_value" : "11.3"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.3 (Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_value": "11.3"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95567",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95567"
},
{
"name" : "1037641",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037641"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.3 (Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95567",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95567"
},
{
"name": "1037641",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037641"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

168
2017/3xxx/CVE-2017-3971.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@mcafee.com",
"DATE_PUBLIC" : "2017-03-29T17:00:00.000Z",
"ID" : "CVE-2017-3971",
"STATE" : "PUBLIC",
"TITLE" : "SB10192 - Network Security Management (NSM) - Cryptanalysis vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Network Security Management (NSM)",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "8.2",
"version_value" : "8.2.7.42.2"
}
]
}
}
]
},
"vendor_name" : "McAfee"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 8.2,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cryptanalysis vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC": "2017-03-29T17:00:00.000Z",
"ID": "CVE-2017-3971",
"STATE": "PUBLIC",
"TITLE": "SB10192 - Network Security Management (NSM) - Cryptanalysis vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Security Management (NSM)",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "8.2",
"version_value": "8.2.7.42.2"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"
}
]
},
"source" : {
"advisory" : "SB10192",
"discovery" : "EXTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cryptanalysis vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to view confidential information via insecure use of RC4 encryption cyphers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptanalysis vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192"
}
]
},
"source": {
"advisory": "SB10192",
"discovery": "EXTERNAL"
}
}

34
2017/8xxx/CVE-2017-8092.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8092",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8092",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

250
2017/8xxx/CVE-2017-8386.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[git] 20170510 [ANNOUNCE] Git v2.12.3 and others",
"refsource" : "MLIST",
"url" : "http://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mtv.corp.google.com/"
},
{
"name" : "https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/",
"refsource" : "MISC",
"url" : "https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/"
},
{
"name" : "https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5",
"refsource" : "CONFIRM",
"url" : "https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5"
},
{
"name" : "DSA-3848",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3848"
},
{
"name" : "FEDORA-2017-01a7989fc0",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/"
},
{
"name" : "FEDORA-2017-7ea0e02914",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/"
},
{
"name" : "FEDORA-2017-f4319b6dfc",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/"
},
{
"name" : "GLSA-201706-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-04"
},
{
"name" : "RHSA-2017:2004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2004"
},
{
"name" : "RHSA-2017:2491",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2491"
},
{
"name" : "openSUSE-SU-2017:1422",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html"
},
{
"name" : "USN-3287-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3287-1"
},
{
"name" : "98409",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98409"
},
{
"name" : "1038479",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038479"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[git] 20170510 [ANNOUNCE] Git v2.12.3 and others",
"refsource": "MLIST",
"url": "http://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mtv.corp.google.com/"
},
{
"name": "USN-3287-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3287-1"
},
{
"name": "FEDORA-2017-01a7989fc0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ISHYFLM2ACYHHY3JHCLF75X7UF4ZMDM/"
},
{
"name": "FEDORA-2017-f4319b6dfc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPYRN7APMHY4ZFDPAKD22J5R4QJFY2JP/"
},
{
"name": "GLSA-201706-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-04"
},
{
"name": "FEDORA-2017-7ea0e02914",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDS3LSJJ3YGGQYIVPKQDVOCXWDSF6JGF/"
},
{
"name": "https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/",
"refsource": "MISC",
"url": "https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/"
},
{
"name": "https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5",
"refsource": "CONFIRM",
"url": "https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5"
},
{
"name": "1038479",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038479"
},
{
"name": "RHSA-2017:2491",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2491"
},
{
"name": "openSUSE-SU-2017:1422",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-05/msg00090.html"
},
{
"name": "RHSA-2017:2004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2004"
},
{
"name": "98409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98409"
},
{
"name": "DSA-3848",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3848"
}
]
}
}

150
2017/8xxx/CVE-2017-8481.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Windows",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Windows",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42242",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42242/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8481",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8481"
},
{
"name" : "98862",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98862"
},
{
"name" : "1038659",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038659"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038659",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038659"
},
{
"name": "98862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98862"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8481",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8481"
},
{
"name": "42242",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42242/"
}
]
}
}

140
2017/8xxx/CVE-2017-8852.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41991",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41991/"
},
{
"name" : "https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability"
},
{
"name" : "98350",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98350"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It could be exploited with a crafted CAR archive file received from an untrusted remote source. The problem is that the length of data written is an arbitrary number found within the file. The vendor response is SAP Security Note 2441560."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/sap-sapcar-heap-based-buffer-overflow-vulnerability"
},
{
"name": "41991",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41991/"
},
{
"name": "98350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98350"
}
]
}
}

130
2017/8xxx/CVE-2017-8920.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cgiirc.org/",
"refsource" : "CONFIRM",
"url" : "http://cgiirc.org/"
},
{
"name" : "https://github.com/dgl/cgiirc/commit/46dd48442204207b52c16065ad67d294194afd8d",
"refsource" : "CONFIRM",
"url" : "https://github.com/dgl/cgiirc/commit/46dd48442204207b52c16065ad67d294194afd8d"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cgiirc.org/",
"refsource": "CONFIRM",
"url": "http://cgiirc.org/"
},
{
"name": "https://github.com/dgl/cgiirc/commit/46dd48442204207b52c16065ad67d294194afd8d",
"refsource": "CONFIRM",
"url": "https://github.com/dgl/cgiirc/commit/46dd48442204207b52c16065ad67d294194afd8d"
}
]
}
}

34
2018/12xxx/CVE-2018-12262.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12262",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-12262",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

34
2018/12xxx/CVE-2018-12419.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12419",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12419",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/12xxx/CVE-2018-12913.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/richgel999/miniz/issues/90",
"refsource" : "MISC",
"url" : "https://github.com/richgel999/miniz/issues/90"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/richgel999/miniz/issues/90",
"refsource": "MISC",
"url": "https://github.com/richgel999/miniz/issues/90"
}
]
}
}

34
2018/13xxx/CVE-2018-13916.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13916",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13916",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/13xxx/CVE-2018-13984.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13984",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13984",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/16xxx/CVE-2018-16273.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16273",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16273",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/16xxx/CVE-2018-16275.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16275",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OPSWAT MetaDefender before v4.11.2 allows CSV injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://onlinehelp.opswat.com/corev4/10._Release_notes.html",
"refsource" : "CONFIRM",
"url" : "https://onlinehelp.opswat.com/corev4/10._Release_notes.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OPSWAT MetaDefender before v4.11.2 allows CSV injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://onlinehelp.opswat.com/corev4/10._Release_notes.html",
"refsource": "CONFIRM",
"url": "https://onlinehelp.opswat.com/corev4/10._Release_notes.html"
}
]
}
}

190
2018/16xxx/CVE-2018-16539.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16539",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
},
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b",
"refsource" : "MISC",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699658",
"refsource" : "MISC",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699658"
},
{
"name" : "https://www.artifex.com/news/ghostscript-security-resolved/",
"refsource" : "MISC",
"url" : "https://www.artifex.com/news/ghostscript-security-resolved/"
},
{
"name" : "DSA-4288",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4288"
},
{
"name" : "GLSA-201811-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-12"
},
{
"name" : "RHSA-2018:3650",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3650"
},
{
"name" : "USN-3768-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3768-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3650",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3650"
},
{
"name": "GLSA-201811-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-12"
},
{
"name": "USN-3768-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3768-1/"
},
{
"name": "https://www.artifex.com/news/ghostscript-security-resolved/",
"refsource": "MISC",
"url": "https://www.artifex.com/news/ghostscript-security-resolved/"
},
{
"name": "DSA-4288",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4288"
},
{
"name": "[debian-lts-announce] 20180913 [SECURITY] [DLA 1504-1] ghostscript security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00015.html"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=699658",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=699658"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b",
"refsource": "MISC",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=a054156d425b4dbdaaa9fda4b5f1182b27598c2b"
}
]
}
}

34
2018/16xxx/CVE-2018-16694.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16694",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16694",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

270
2018/17xxx/CVE-2018-17182.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17182",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45497",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45497/"
},
{
"name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name" : "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name" : "https://www.openwall.com/lists/oss-security/2018/09/18/4",
"refsource" : "MISC",
"url" : "https://www.openwall.com/lists/oss-security/2018/09/18/4"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20190204-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"name" : "DSA-4308",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4308"
},
{
"name" : "RHSA-2018:3656",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3656"
},
{
"name" : "USN-3776-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3776-1/"
},
{
"name" : "USN-3776-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3776-2/"
},
{
"name" : "USN-3777-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3777-1/"
},
{
"name" : "USN-3777-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3777-2/"
},
{
"name" : "USN-3777-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3777-3/"
},
{
"name" : "105417",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105417"
},
{
"name" : "106503",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106503"
},
{
"name" : "1041748",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3776-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3776-1/"
},
{
"name": "USN-3776-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3776-2/"
},
{
"name": "USN-3777-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-1/"
},
{
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190204-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0001/"
},
{
"name": "RHSA-2018:3656",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3656"
},
{
"name": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "DSA-4308",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"name": "105417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105417"
},
{
"name": "45497",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45497/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2018/09/18/4",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2018/09/18/4"
},
{
"name": "1041748",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041748"
},
{
"name": "USN-3777-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-2/"
},
{
"name": "106503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106503"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2"
},
{
"name": "USN-3777-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3777-3/"
}
]
}
}

172
2018/17xxx/CVE-2018-17467.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-17467",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect security UI"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-17467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": " 70.0.3538.67"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/844881",
"refsource" : "MISC",
"url" : "https://crbug.com/844881"
},
{
"name" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4330",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4330"
},
{
"name" : "GLSA-201811-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-10"
},
{
"name" : "RHSA-2018:3004",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name" : "105666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105666"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect security UI"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4330",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4330"
},
{
"name": "RHSA-2018:3004",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3004"
},
{
"name": "GLSA-201811-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-10"
},
{
"name": "https://crbug.com/844881",
"refsource": "MISC",
"url": "https://crbug.com/844881"
},
{
"name": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html"
},
{
"name": "105666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105666"
}
]
}
}