admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:01:06 +00:00
parent c6f5cd9802
commit f31c0223fd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4182 additions and 4182 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

220
2002/0xxx/CVE-2002-0071.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "A041002-1",
"refsource" : "ATSTAKE",
"url" : "http://www.atstake.com/research/advisories/2002/a041002-1.txt"
},
{
"name" : "20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101854087828265&w=2"
},
{
"name" : "MS02-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
},
{
"name" : "CA-2002-09",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2002-09.html"
},
{
"name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
},
{
"name" : "VU#363715",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/363715"
},
{
"name" : "iis-htr-isapi-bo(8799)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8799.php"
},
{
"name" : "4474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4474"
},
{
"name" : "3325",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3325"
},
{
"name" : "oval:org.mitre.oval:def:130",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A130"
},
{
"name" : "oval:org.mitre.oval:def:45",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A45"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:45",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A45"
},
{
"name": "oval:org.mitre.oval:def:130",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A130"
},
{
"name": "3325",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3325"
},
{
"name": "A041002-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2002/a041002-1.txt"
},
{
"name": "20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101854087828265&w=2"
},
{
"name": "4474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4474"
},
{
"name": "VU#363715",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/363715"
},
{
"name": "MS02-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
},
{
"name": "iis-htr-isapi-bo(8799)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8799.php"
},
{
"name": "CA-2002-09",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-09.html"
},
{
"name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
}
]
}
}

150
2002/0xxx/CVE-2002-0259.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0259",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020209 InstantServers MiniPortal Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101329397901071&w=2"
},
{
"name" : "http://www.instantservers.com/releases.html",
"refsource" : "CONFIRM",
"url" : "http://www.instantservers.com/releases.html"
},
{
"name" : "miniportal-plaintext-information(8170)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8170.php"
},
{
"name" : "4076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4076"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "miniportal-plaintext-information(8170)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8170.php"
},
{
"name": "http://www.instantservers.com/releases.html",
"refsource": "CONFIRM",
"url": "http://www.instantservers.com/releases.html"
},
{
"name": "4076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4076"
},
{
"name": "20020209 InstantServers MiniPortal Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101329397901071&w=2"
}
]
}
}

140
2002/0xxx/CVE-2002-0551.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020403 Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html"
},
{
"name" : "dynamic-guestbook-css(8763)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8763.php"
},
{
"name" : "4422",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows remote attackers to execute code in clients who access guestbook pages via the parameters (1) name, (2) mail, or (3) kommentar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4422"
},
{
"name": "20020403 Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0052.html"
},
{
"name": "dynamic-guestbook-css(8763)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8763.php"
}
]
}
}

140
2002/0xxx/CVE-2002-0762.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SuSE-SA:2002:017",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2002_17_shadow.html"
},
{
"name" : "suse-shadow-filesize-limits(9102)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9102.php"
},
{
"name" : "4757",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4757"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "suse-shadow-filesize-limits(9102)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9102.php"
},
{
"name": "4757",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4757"
},
{
"name": "SuSE-SA:2002:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_17_shadow.html"
}
]
}
}

210
2002/1xxx/CVE-2002-1217.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1217",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021015 Internet Explorer : The D-Day",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103470310417576&w=2"
},
{
"name" : "20021015 Internet Explorer : The D-Day",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=103470202010570&w=2"
},
{
"name" : "20021015 Internet Explorer : The D-Day",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html"
},
{
"name" : "http://security.greymagic.com/adv/gm011-ie/",
"refsource" : "MISC",
"url" : "http://security.greymagic.com/adv/gm011-ie/"
},
{
"name" : "MS02-066",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name" : "N-018",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/n-018.shtml"
},
{
"name" : "5963",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5963"
},
{
"name" : "oval:org.mitre.oval:def:272",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A272"
},
{
"name" : "oval:org.mitre.oval:def:333",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A333"
},
{
"name" : "ie-iframe-document-script-execution(10371)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10371.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Frame scripting vulnerability in the WebBrowser control as used in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code, read arbitrary files, or conduct other unauthorized activities via script that accesses the Document property, which bypasses <frame> and <iframe> domain restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:272",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A272"
},
{
"name": "MS02-066",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
},
{
"name": "oval:org.mitre.oval:def:333",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A333"
},
{
"name": "20021015 Internet Explorer : The D-Day",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103470310417576&w=2"
},
{
"name": "20021015 Internet Explorer : The D-Day",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=103470202010570&w=2"
},
{
"name": "ie-iframe-document-script-execution(10371)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10371.php"
},
{
"name": "5963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5963"
},
{
"name": "http://security.greymagic.com/adv/gm011-ie/",
"refsource": "MISC",
"url": "http://security.greymagic.com/adv/gm011-ie/"
},
{
"name": "20021015 Internet Explorer : The D-Day",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0024.html"
},
{
"name": "N-018",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-018.shtml"
}
]
}
}

170
2002/1xxx/CVE-2002-1381.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021204 Local root vulnerability found in exim 4.x (and 3.x)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103903403527788&w=2"
},
{
"name" : "[Exim] 20021204 Minor security problem in both Exim 3 and 4",
"refsource" : "MLIST",
"url" : "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html"
},
{
"name" : "http://groups.yahoo.com/group/exim-users/message/42358",
"refsource" : "CONFIRM",
"url" : "http://groups.yahoo.com/group/exim-users/message/42358"
},
{
"name" : "GLSA-200212-5",
"refsource" : "GENTOO",
"url" : "http://marc.info/?l=bugtraq&m=104006219018664&w=2"
},
{
"name" : "6314",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6314"
},
{
"name" : "exim-daemonc-format-string(10761)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10761"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "exim-daemonc-format-string(10761)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10761"
},
{
"name": "6314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6314"
},
{
"name": "20021204 Local root vulnerability found in exim 4.x (and 3.x)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103903403527788&w=2"
},
{
"name": "GLSA-200212-5",
"refsource": "GENTOO",
"url": "http://marc.info/?l=bugtraq&m=104006219018664&w=2"
},
{
"name": "http://groups.yahoo.com/group/exim-users/message/42358",
"refsource": "CONFIRM",
"url": "http://groups.yahoo.com/group/exim-users/message/42358"
},
{
"name": "[Exim] 20021204 Minor security problem in both Exim 3 and 4",
"refsource": "MLIST",
"url": "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html"
}
]
}
}

150
2002/1xxx/CVE-2002-1791.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world-writable permissions, which allows local users to overwrite or corrupt those files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020903-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020903-02-P"
},
{
"name" : "N-004",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/n-004.shtml"
},
{
"name" : "5895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5895"
},
{
"name" : "irix-desktop-files-insecure(10273)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10273.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world-writable permissions, which allows local users to overwrite or corrupt those files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020903-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020903-02-P"
},
{
"name": "irix-desktop-files-insecure(10273)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10273.php"
},
{
"name": "N-004",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-004.shtml"
},
{
"name": "5895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5895"
}
]
}
}

130
2002/2xxx/CVE-2002-2085.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020205 Security Hole in WWWeBBB forum",
"refsource" : "VULN-DEV",
"url" : "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0369.html"
},
{
"name" : "1003456",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1003456"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1003456",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1003456"
},
{
"name": "20020205 Security Hole in WWWeBBB forum",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0369.html"
}
]
}
}

160
2002/2xxx/CVE-2002-2377.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020629 SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/279707"
},
{
"name" : "5130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5130"
},
{
"name" : "5131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5131"
},
{
"name" : "zapbook-entry-xss(9471)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9471.php"
},
{
"name" : "zapbook-ssi-command-execution(9472)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9472.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020629 SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/279707"
},
{
"name": "5130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5130"
},
{
"name": "zapbook-entry-xss(9471)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9471.php"
},
{
"name": "5131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5131"
},
{
"name": "zapbook-ssi-command-execution(9472)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9472.php"
}
]
}
}

150
2005/0xxx/CVE-2005-0633.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0633",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050306 See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111023000624809&w=2"
},
{
"name" : "12703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12703"
},
{
"name" : "ADV-2005-0221",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0221"
},
{
"name" : "http://www.securiteam.com/exploits/5KP030KF5E.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/exploits/5KP030KF5E.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-0221",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0221"
},
{
"name": "12703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12703"
},
{
"name": "20050306 See-security advisory: Trillian Basic 3.0 PNG Processing Buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111023000624809&w=2"
},
{
"name": "http://www.securiteam.com/exploits/5KP030KF5E.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5KP030KF5E.html"
}
]
}
}

140
2005/1xxx/CVE-2005-1293.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1293",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050424 Multiple SQL Injections in StorePortal 2.63",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111445131808328&w=2"
},
{
"name" : "http://digitalparadox.org/advisories/storeportal.txt",
"refsource" : "MISC",
"url" : "http://digitalparadox.org/advisories/storeportal.txt"
},
{
"name" : "15071",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050424 Multiple SQL Injections in StorePortal 2.63",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111445131808328&w=2"
},
{
"name": "http://digitalparadox.org/advisories/storeportal.txt",
"refsource": "MISC",
"url": "http://digitalparadox.org/advisories/storeportal.txt"
},
{
"name": "15071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15071"
}
]
}
}

120
2005/1xxx/CVE-2005-1299.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1299",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050425 remote command execution in inserter.cgi script",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111444807013846&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050425 remote command execution in inserter.cgi script",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111444807013846&w=2"
}
]
}
}

170
2005/1xxx/CVE-2005-1965.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1965",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Siteframe-Announce] 20060621 WARNING: Security Vulnerability identified in Siteframe 3.x",
"refsource" : "MLIST",
"url" : "http://list.broadpool.com/pipermail/siteframe-announce/2005-June/000020.html"
},
{
"name" : "13928",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13928"
},
{
"name" : "17246",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17246"
},
{
"name" : "1014150",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014150"
},
{
"name" : "15657",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15657"
},
{
"name" : "siteframe-localpath-file-include(20973)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20973"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13928"
},
{
"name": "siteframe-localpath-file-include(20973)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20973"
},
{
"name": "15657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15657"
},
{
"name": "17246",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17246"
},
{
"name": "1014150",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014150"
},
{
"name": "[Siteframe-Announce] 20060621 WARNING: Security Vulnerability identified in Siteframe 3.x",
"refsource": "MLIST",
"url": "http://list.broadpool.com/pipermail/siteframe-announce/2005-June/000020.html"
}
]
}
}

540
2009/0xxx/CVE-2009-0023.json
View File

@ -1,272 +1,272 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0023",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091112 rPSA-2009-0144-1 apr-util",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507855/100/0/threaded"
},
{
"name" : "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3",
"refsource" : "CONFIRM",
"url" : "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=503928",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"name" : "http://svn.apache.org/viewvc?view=rev&revision=779880",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=rev&revision=779880"
},
{
"name" : "http://support.apple.com/kb/HT3937",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3937"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0144",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0144"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name" : "PK88341",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
},
{
"name" : "PK91241",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
},
{
"name" : "PK99478",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
},
{
"name" : "APPLE-SA-2009-11-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name" : "DSA-1812",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1812"
},
{
"name" : "FEDORA-2009-5969",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
},
{
"name" : "FEDORA-2009-6014",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
},
{
"name" : "FEDORA-2009-6261",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
},
{
"name" : "GLSA-200907-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-03.xml"
},
{
"name" : "HPSBUX02612",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name" : "SSRT100345",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name" : "MDVSA-2009:131",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "RHSA-2009:1107",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
},
{
"name" : "RHSA-2009:1108",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
},
{
"name" : "SSA:2009-167-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210"
},
{
"name" : "USN-786-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-786-1"
},
{
"name" : "USN-787-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-787-1"
},
{
"name" : "35221",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35221"
},
{
"name" : "oval:org.mitre.oval:def:10968",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968"
},
{
"name" : "oval:org.mitre.oval:def:12321",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321"
},
{
"name" : "35284",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35284"
},
{
"name" : "35360",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35360"
},
{
"name" : "34724",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34724"
},
{
"name" : "35444",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35444"
},
{
"name" : "35487",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35487"
},
{
"name" : "35395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35395"
},
{
"name" : "35565",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35565"
},
{
"name" : "35710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35710"
},
{
"name" : "35843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35843"
},
{
"name" : "35797",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35797"
},
{
"name" : "37221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37221"
},
{
"name" : "ADV-2009-1907",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1907"
},
{
"name" : "ADV-2009-3184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name" : "apache-aprstrmatchprecompile-dos(50964)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50964"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35487",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35487"
},
{
"name": "DSA-1812",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1812"
},
{
"name": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3"
},
{
"name": "ADV-2009-1907",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1907"
},
{
"name": "FEDORA-2009-5969",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html"
},
{
"name": "35444",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35444"
},
{
"name": "PK88341",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341"
},
{
"name": "MDVSA-2009:131",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:131"
},
{
"name": "35360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35360"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=503928",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"name": "35395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35395"
},
{
"name": "PK99478",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478"
},
{
"name": "oval:org.mitre.oval:def:12321",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321"
},
{
"name": "apache-aprstrmatchprecompile-dos(50964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50964"
},
{
"name": "35284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35284"
},
{
"name": "PK91241",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241"
},
{
"name": "20091112 rPSA-2009-0144-1 apr-util",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507855/100/0/threaded"
},
{
"name": "35221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35221"
},
{
"name": "35843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35843"
},
{
"name": "FEDORA-2009-6014",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html"
},
{
"name": "RHSA-2009:1108",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1108.html"
},
{
"name": "HPSBUX02612",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0144",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0144"
},
{
"name": "35797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35797"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "GLSA-200907-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-03.xml"
},
{
"name": "oval:org.mitre.oval:def:10968",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968"
},
{
"name": "FEDORA-2009-6261",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html"
},
{
"name": "USN-786-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-786-1"
},
{
"name": "34724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34724"
},
{
"name": "37221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37221"
},
{
"name": "http://svn.apache.org/viewvc?view=rev&revision=779880",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=rev&revision=779880"
},
{
"name": "35565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35565"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "SSRT100345",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
},
{
"name": "SSA:2009-167-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "35710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35710"
},
{
"name": "RHSA-2009:1107",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1107.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "USN-787-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-787-1"
}
]
}
}

980
2009/0xxx/CVE-2009-0217.json
View File

@ -1,492 +1,492 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0217",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-0217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html",
"refsource" : "MISC",
"url" : "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925"
},
{
"name" : "http://www.aleksey.com/xmlsec/",
"refsource" : "CONFIRM",
"url" : "http://www.aleksey.com/xmlsec/"
},
{
"name" : "http://www.mono-project.com/Vulnerabilities",
"refsource" : "CONFIRM",
"url" : "http://www.mono-project.com/Vulnerabilities"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name" : "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03",
"refsource" : "CONFIRM",
"url" : "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"
},
{
"name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"
},
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"
},
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
},
{
"name" : "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161",
"refsource" : "CONFIRM",
"url" : "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"
},
{
"name" : "http://www.kb.cert.org/vuls/id/WDON-7TY529",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/WDON-7TY529"
},
{
"name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
},
{
"name" : "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
},
{
"name" : "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
},
{
"name" : "http://svn.apache.org/viewvc?revision=794013&view=revision",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?revision=794013&view=revision"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=511915",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=511915"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2009-0217.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2009-0217.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name" : "PK80596",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere"
},
{
"name" : "PK80627",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere"
},
{
"name" : "APPLE-SA-2009-09-03-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
},
{
"name" : "DSA-1995",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-1995"
},
{
"name" : "FEDORA-2009-8329",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
},
{
"name" : "FEDORA-2009-8337",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
},
{
"name" : "FEDORA-2009-8456",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"
},
{
"name" : "FEDORA-2009-8473",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"
},
{
"name" : "GLSA-201408-19",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name" : "HPSBUX02476",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=125787273209737&w=2"
},
{
"name" : "SSRT090250",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=125787273209737&w=2"
},
{
"name" : "MDVSA-2009:209",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
},
{
"name" : "MS10-041",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"
},
{
"name" : "RHSA-2009:1200",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
},
{
"name" : "RHSA-2009:1201",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
},
{
"name" : "RHSA-2009:1428",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1428.html"
},
{
"name" : "RHSA-2009:1636",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
},
{
"name" : "RHSA-2009:1637",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
},
{
"name" : "RHSA-2009:1649",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
},
{
"name" : "RHSA-2009:1650",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
},
{
"name" : "RHSA-2009:1694",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
},
{
"name" : "263429",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"
},
{
"name" : "269208",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"
},
{
"name" : "1020710",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"
},
{
"name" : "SUSE-SA:2009:053",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
},
{
"name" : "SUSE-SA:2010:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"
},
{
"name" : "USN-826-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/826-1/"
},
{
"name" : "USN-903-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-903-1"
},
{
"name" : "TA09-294A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name" : "TA10-159B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name" : "VU#466161",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/466161"
},
{
"name" : "35671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35671"
},
{
"name" : "55895",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55895"
},
{
"name" : "55907",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55907"
},
{
"name" : "oval:org.mitre.oval:def:10186",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"
},
{
"name" : "oval:org.mitre.oval:def:7158",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"
},
{
"name" : "oval:org.mitre.oval:def:8717",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"
},
{
"name" : "1022561",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022561"
},
{
"name" : "1022567",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022567"
},
{
"name" : "1022661",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022661"
},
{
"name" : "35776",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35776"
},
{
"name" : "35853",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35853"
},
{
"name" : "35854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35854"
},
{
"name" : "35855",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35855"
},
{
"name" : "35858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35858"
},
{
"name" : "36162",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36162"
},
{
"name" : "36176",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36176"
},
{
"name" : "36180",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36180"
},
{
"name" : "35852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35852"
},
{
"name" : "36494",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36494"
},
{
"name" : "37300",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37300"
},
{
"name" : "37671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37671"
},
{
"name" : "37841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37841"
},
{
"name" : "38567",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38567"
},
{
"name" : "38568",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38568"
},
{
"name" : "38695",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38695"
},
{
"name" : "38921",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38921"
},
{
"name" : "34461",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34461"
},
{
"name" : "60799",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60799"
},
{
"name" : "41818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/41818"
},
{
"name" : "ADV-2009-1900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name" : "ADV-2009-1908",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1908"
},
{
"name" : "ADV-2009-1911",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1911"
},
{
"name" : "ADV-2009-1909",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1909"
},
{
"name" : "ADV-2009-2543",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2543"
},
{
"name" : "ADV-2009-3122",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3122"
},
{
"name" : "ADV-2010-0366",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0366"
},
{
"name" : "ADV-2010-0635",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0635"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; (7) Microsoft .NET Framework 3.0 through 3.0 SP2, 3.5, and 4.0; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:1428",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1428.html"
},
{
"name": "ADV-2009-3122",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3122"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2009-0217.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2009-0217.html"
},
{
"name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47526"
},
{
"name": "60799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60799"
},
{
"name": "GLSA-201408-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "PK80596",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023545&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere"
},
{
"name": "RHSA-2009:1200",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
},
{
"name": "35776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35776"
},
{
"name": "36162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36162"
},
{
"name": "36494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36494"
},
{
"name": "ADV-2009-2543",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2543"
},
{
"name": "35858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35858"
},
{
"name": "38695",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38695"
},
{
"name": "269208",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-269208-1"
},
{
"name": "DSA-1995",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1995"
},
{
"name": "HPSBUX02476",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"
},
{
"name": "35853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35853"
},
{
"name": "RHSA-2009:1637",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
},
{
"name": "RHSA-2009:1694",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1694.html"
},
{
"name": "35852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35852"
},
{
"name": "35854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35854"
},
{
"name": "34461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34461"
},
{
"name": "http://www.kb.cert.org/vuls/id/WDON-7TY529",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/WDON-7TY529"
},
{
"name": "http://www.mono-project.com/Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://www.mono-project.com/Vulnerabilities"
},
{
"name": "1020710",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020710.1-1"
},
{
"name": "USN-903-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-903-1"
},
{
"name": "35671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35671"
},
{
"name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=47527"
},
{
"name": "ADV-2010-0366",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0366"
},
{
"name": "55907",
"refsource": "OSVDB",
"url": "http://osvdb.org/55907"
},
{
"name": "MDVSA-2009:209",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
},
{
"name": "SUSE-SA:2010:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html"
},
{
"name": "38567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38567"
},
{
"name": "FEDORA-2009-8329",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
},
{
"name": "263429",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-263429-1"
},
{
"name": "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161",
"refsource": "CONFIRM",
"url": "http://blogs.sun.com/security/entry/cert_vulnerability_note_vu_466161"
},
{
"name": "SSRT090250",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=125787273209737&w=2"
},
{
"name": "ADV-2009-1900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name": "1022561",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022561"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
},
{
"name": "37671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37671"
},
{
"name": "VU#466161",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/466161"
},
{
"name": "1022567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022567"
},
{
"name": "RHSA-2009:1636",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
},
{
"name": "PK80627",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?rs=180&context=SSEQTP&dc=D400&uid=swg24023723&loc=en_US&cs=UTF-8&lang=en&rss=ct180websphere"
},
{
"name": "RHSA-2009:1649",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "TA09-294A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name": "ADV-2009-1909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1909"
},
{
"name": "ADV-2010-0635",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0635"
},
{
"name": "http://svn.apache.org/viewvc?revision=794013&view=revision",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?revision=794013&view=revision"
},
{
"name": "38568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38568"
},
{
"name": "36180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36180"
},
{
"name": "FEDORA-2009-8456",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html"
},
{
"name": "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03",
"refsource": "CONFIRM",
"url": "http://www.w3.org/2008/06/xmldsigcore-errata.html#e03"
},
{
"name": "USN-826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/826-1/"
},
{
"name": "37841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37841"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1"
},
{
"name": "35855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35855"
},
{
"name": "FEDORA-2009-8473",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html"
},
{
"name": "36176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36176"
},
{
"name": "oval:org.mitre.oval:def:7158",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7158"
},
{
"name": "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html",
"refsource": "MISC",
"url": "http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html"
},
{
"name": "ADV-2009-1908",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1908"
},
{
"name": "FEDORA-2009-8337",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
},
{
"name": "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/cgit/xmlsec/commit/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg21384925"
},
{
"name": "41818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41818"
},
{
"name": "1022661",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022661"
},
{
"name": "37300",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37300"
},
{
"name": "ADV-2009-1911",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1911"
},
{
"name": "APPLE-SA-2009-09-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
},
{
"name": "SUSE-SA:2009:053",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
},
{
"name": "oval:org.mitre.oval:def:8717",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8717"
},
{
"name": "RHSA-2009:1201",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
},
{
"name": "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/cgit/xmlsec/patch/?id=34b349675af9f72eb822837a8772cc1ead7115c7"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7TSKXQ"
},
{
"name": "TA10-159B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-159B.html"
},
{
"name": "oval:org.mitre.oval:def:10186",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10186"
},
{
"name": "55895",
"refsource": "OSVDB",
"url": "http://osvdb.org/55895"
},
{
"name": "http://www.aleksey.com/xmlsec/",
"refsource": "CONFIRM",
"url": "http://www.aleksey.com/xmlsec/"
},
{
"name": "MS10-041",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041"
},
{
"name": "38921",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38921"
},
{
"name": "RHSA-2009:1650",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=511915",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=511915"
}
]
}
}

150
2009/0xxx/CVE-2009-0438.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass \"Authorization checking\" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name" : "PK75248",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75248"
},
{
"name" : "33700",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33700"
},
{
"name" : "websphere-jsp-win-information-disclosure(48528)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass \"Authorization checking\" and obtain sensitive information from JSP pages via a crafted request. NOTE: this is probably a duplicate of CVE-2008-5412."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33700"
},
{
"name": "PK75248",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK75248"
},
{
"name": "websphere-jsp-win-information-disclosure(48528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48528"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
}
]
}
}

34
2009/1xxx/CVE-2009-1153.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1153",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-1153",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}

170
2009/1xxx/CVE-2009-1732.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1732",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan 4.91a allows remote attackers to inject arbitrary web script or HTML via the grp parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://holisticinfosec.org/content/view/113/45/",
"refsource" : "MISC",
"url" : "http://holisticinfosec.org/content/view/113/45/"
},
{
"name" : "DSA-1827",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1827"
},
{
"name" : "35037",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35037"
},
{
"name" : "54600",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54600"
},
{
"name" : "34985",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34985"
},
{
"name" : "35714",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35714"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan 4.91a allows remote attackers to inject arbitrary web script or HTML via the grp parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34985"
},
{
"name": "DSA-1827",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1827"
},
{
"name": "http://holisticinfosec.org/content/view/113/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/113/45/"
},
{
"name": "35714",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35714"
},
{
"name": "54600",
"refsource": "OSVDB",
"url": "http://osvdb.org/54600"
},
{
"name": "35037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35037"
}
]
}
}

150
2009/1xxx/CVE-2009-1826.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8708",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8708"
},
{
"name" : "http://www.collector.ch/download/mygesuad-0.9.zip",
"refsource" : "CONFIRM",
"url" : "http://www.collector.ch/download/mygesuad-0.9.zip"
},
{
"name" : "http://www.collector.ch/drupal5/?q=node/39",
"refsource" : "CONFIRM",
"url" : "http://www.collector.ch/drupal5/?q=node/39"
},
{
"name" : "ADV-2009-1345",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1345"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.collector.ch/download/mygesuad-0.9.zip",
"refsource": "CONFIRM",
"url": "http://www.collector.ch/download/mygesuad-0.9.zip"
},
{
"name": "ADV-2009-1345",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1345"
},
{
"name": "8708",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8708"
},
{
"name": "http://www.collector.ch/drupal5/?q=node/39",
"refsource": "CONFIRM",
"url": "http://www.collector.ch/drupal5/?q=node/39"
}
]
}
}

140
2012/2xxx/CVE-2012-2011.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-2011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBPI02779",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03331603"
},
{
"name" : "SSRT100855",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03331603"
},
{
"name" : "1027138",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBPI02779",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03331603"
},
{
"name": "SSRT100855",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03331603"
},
{
"name": "1027138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027138"
}
]
}
}

210
2012/2xxx/CVE-2012-2107.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120416 CVE Requests: Multiple security flaws in csound5",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/16/1"
},
{
"name" : "[oss-security] 20120416 Re: CVE Requests: Multiple security flaws in csound5",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/16/9"
},
{
"name" : "http://secunia.com/secunia_research/2012-6/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2012-6/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=810807",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=810807"
},
{
"name" : "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch2",
"refsource" : "CONFIRM",
"url" : "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch2"
},
{
"name" : "openSUSE-SU-2012:0550",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html"
},
{
"name" : "52876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52876"
},
{
"name" : "81015",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/81015"
},
{
"name" : "48719",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48719"
},
{
"name" : "csound-pcimain-bo(74650)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74650"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "csound-pcimain-bo(74650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74650"
},
{
"name": "48719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48719"
},
{
"name": "81015",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81015"
},
{
"name": "52876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52876"
},
{
"name": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch2",
"refsource": "CONFIRM",
"url": "http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=61d1df45ca9a52bab62892a3c3a13c41e6384505#patch2"
},
{
"name": "http://secunia.com/secunia_research/2012-6/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2012-6/"
},
{
"name": "openSUSE-SU-2012:0550",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-04/msg00057.html"
},
{
"name": "[oss-security] 20120416 CVE Requests: Multiple security flaws in csound5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/16/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=810807",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=810807"
},
{
"name": "[oss-security] 20120416 Re: CVE Requests: Multiple security flaws in csound5",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/16/9"
}
]
}
}

150
2012/2xxx/CVE-2012-2362.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120523 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/05/23/2"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=038131c8b5614f18c14d964dc53b6960ae6c30d8",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=038131c8b5614f18c14d964dc53b6960ae6c30d8"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=203052",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=203052"
},
{
"name" : "82069",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82069"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "82069",
"refsource": "OSVDB",
"url": "http://osvdb.org/82069"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=203052",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=203052"
},
{
"name": "[oss-security] 20120523 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/05/23/2"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=038131c8b5614f18c14d964dc53b6960ae6c30d8",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=038131c8b5614f18c14d964dc53b6960ae6c30d8"
}
]
}
}

34
2012/3xxx/CVE-2012-3048.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3048",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3048",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2012/3xxx/CVE-2012-3125.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3125",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "54502",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54502"
},
{
"name" : "83925",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/83925"
},
{
"name" : "1027274",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027274"
},
{
"name" : "solaris-tcpip2-dos(77042)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77042"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "83925",
"refsource": "OSVDB",
"url": "http://osvdb.org/83925"
},
{
"name": "1027274",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027274"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "54502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54502"
},
{
"name": "solaris-tcpip2-dos(77042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77042"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

170
2012/3xxx/CVE-2012-3128.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "54564",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54564"
},
{
"name" : "83973",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/83973"
},
{
"name" : "1027275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027275"
},
{
"name" : "sparctseriesservers-ilom-cve20123128(77057)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54564"
},
{
"name": "sparctseriesservers-ilom-cve20123128(77057)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77057"
},
{
"name": "1027275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027275"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "83973",
"refsource": "OSVDB",
"url": "http://osvdb.org/83973"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

170
2012/3xxx/CVE-2012-3661.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
},
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}

120
2012/4xxx/CVE-2012-4109.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-4109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130930 Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The clear sshkey command in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86559."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130930 Cisco Unified Computing System Fabric Interconnect clear sshkey Command Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4109"
}
]
}
}

120
2012/4xxx/CVE-2012-4162.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4161."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-4162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4161."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
}
]
}
}

180
2012/4xxx/CVE-2012-4234.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120829 Cross-Site Scripting (XSS) in Phorum",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html"
},
{
"name" : "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23109",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23109"
},
{
"name" : "http://www.phorum.org/phorum5/read.php?64,151943",
"refsource" : "CONFIRM",
"url" : "http://www.phorum.org/phorum5/read.php?64,151943"
},
{
"name" : "55275",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55275"
},
{
"name" : "50445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50445"
},
{
"name" : "phorum-group-xss(78124)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120829 Cross-Site Scripting (XSS) in Phorum",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23109",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23109"
},
{
"name": "50445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50445"
},
{
"name": "55275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55275"
},
{
"name": "phorum-group-xss(78124)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78124"
},
{
"name": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,151943",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?64,151943"
}
]
}
}

160
2012/4xxx/CVE-2012-4602.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB23111",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23111"
},
{
"name" : "http://freecode.com/projects/tcexam/releases/347588",
"refsource" : "CONFIRM",
"url" : "http://freecode.com/projects/tcexam/releases/347588"
},
{
"name" : "http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view"
},
{
"name" : "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;a=commit;h=3e1ed3c02122eae182f076daabe903b0c8837971",
"refsource" : "CONFIRM",
"url" : "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;a=commit;h=3e1ed3c02122eae182f076daabe903b0c8837971"
},
{
"name" : "50539",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50539"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_select_users_popup.php in Nicola Asuni TCExam before 11.3.009 allow remote attackers to inject arbitrary web script or HTML via the (1) cid or (2) uids parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;a=commit;h=3e1ed3c02122eae182f076daabe903b0c8837971",
"refsource": "CONFIRM",
"url": "http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;a=commit;h=3e1ed3c02122eae182f076daabe903b0c8837971"
},
{
"name": "50539",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50539"
},
{
"name": "https://www.htbridge.com/advisory/HTB23111",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23111"
},
{
"name": "http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/tcexam/files/CHANGELOG.TXT/view"
},
{
"name": "http://freecode.com/projects/tcexam/releases/347588",
"refsource": "CONFIRM",
"url": "http://freecode.com/projects/tcexam/releases/347588"
}
]
}
}

180
2012/4xxx/CVE-2012-4728.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130307 Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0048.html"
},
{
"name" : "http://packetstormsecurity.com/files/120713/Corel-Quattro-Pro-X6-Standard-Edition-NULL-Pointer-Dereference.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/120713/Corel-Quattro-Pro-X6-Standard-Edition-NULL-Pointer-Dereference.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23112",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23112"
},
{
"name" : "58386",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/58386"
},
{
"name" : "91039",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/91039"
},
{
"name" : "91040",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/91040"
},
{
"name" : "corelquattropro-qpw-dos(82707)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82707"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QPW160.dll in Corel Quattro Pro X6 Standard Edition 16.0.0.388 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted QPW file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "corelquattropro-qpw-dos(82707)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82707"
},
{
"name": "91040",
"refsource": "OSVDB",
"url": "http://osvdb.org/91040"
},
{
"name": "91039",
"refsource": "OSVDB",
"url": "http://osvdb.org/91039"
},
{
"name": "http://packetstormsecurity.com/files/120713/Corel-Quattro-Pro-X6-Standard-Edition-NULL-Pointer-Dereference.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120713/Corel-Quattro-Pro-X6-Standard-Edition-NULL-Pointer-Dereference.html"
},
{
"name": "20130307 Multiple NULL Pointer Dereference Vulnerabilities in Corel Quattro Pro X6",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0048.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23112",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23112"
},
{
"name": "58386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58386"
}
]
}
}

290
2012/6xxx/CVE-2012-6150.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20131202 Re: CVE request: samba pam_winbind authentication fails open",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/12/03/5"
},
{
"name" : "[samba-technical] 20120612 winbind pam security problem",
"refsource" : "MLIST",
"url" : "https://lists.samba.org/archive/samba-technical/2012-June/084593.html"
},
{
"name" : "[samba-technical] 20131128 fail authentication if user isn't member of *any* require_membership_of specified groups",
"refsource" : "MLIST",
"url" : "https://lists.samba.org/archive/samba-technical/2013-November/096411.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1036897",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1036897"
},
{
"name" : "https://bugzilla.samba.org/show_bug.cgi?id=10300",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.samba.org/show_bug.cgi?id=10300"
},
{
"name" : "FEDORA-2014-9132",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
},
{
"name" : "FEDORA-2014-7672",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"
},
{
"name" : "GLSA-201502-15",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-15.xml"
},
{
"name" : "HPSBUX03087",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141660010015249&w=2"
},
{
"name" : "SSRT101413",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=141660010015249&w=2"
},
{
"name" : "MDVSA-2013:299",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:299"
},
{
"name" : "RHSA-2014:0330",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0330.html"
},
{
"name" : "openSUSE-SU-2013:1921",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html"
},
{
"name" : "SUSE-SU-2014:0024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html"
},
{
"name" : "openSUSE-SU-2014:0405",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html"
},
{
"name" : "openSUSE-SU-2016:1106",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"
},
{
"name" : "openSUSE-SU-2016:1107",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"
},
{
"name" : "USN-2054-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2054-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX03087",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2"
},
{
"name": "USN-2054-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2054-1"
},
{
"name": "[samba-technical] 20120612 winbind pam security problem",
"refsource": "MLIST",
"url": "https://lists.samba.org/archive/samba-technical/2012-June/084593.html"
},
{
"name": "FEDORA-2014-9132",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"
},
{
"name": "SSRT101413",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2"
},
{
"name": "SUSE-SU-2014:0024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html"
},
{
"name": "openSUSE-SU-2014:0405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html"
},
{
"name": "GLSA-201502-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-15.xml"
},
{
"name": "FEDORA-2014-7672",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"
},
{
"name": "openSUSE-SU-2013:1921",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html"
},
{
"name": "openSUSE-SU-2016:1106",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"
},
{
"name": "openSUSE-SU-2016:1107",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"
},
{
"name": "[samba-technical] 20131128 fail authentication if user isn't member of *any* require_membership_of specified groups",
"refsource": "MLIST",
"url": "https://lists.samba.org/archive/samba-technical/2013-November/096411.html"
},
{
"name": "[oss-security] 20131202 Re: CVE request: samba pam_winbind authentication fails open",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/12/03/5"
},
{
"name": "RHSA-2014:0330",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0330.html"
},
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=10300",
"refsource": "CONFIRM",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=10300"
},
{
"name": "MDVSA-2013:299",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:299"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1036897",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036897"
}
]
}
}

34
2012/6xxx/CVE-2012-6477.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6477",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6477",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2012/6xxx/CVE-2012-6496.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6496",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[rubyonrails-security] 20130102 SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)",
"refsource" : "MLIST",
"url" : "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain"
},
{
"name" : "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/",
"refsource" : "MISC",
"url" : "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=889649",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=889649"
},
{
"name" : "GLSA-201401-22",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201401-22.xml"
},
{
"name" : "RHSA-2013:0154",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
},
{
"name" : "RHSA-2013:0155",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0155.html"
},
{
"name" : "RHSA-2013:0220",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"name" : "RHSA-2013:0544",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
},
{
"name" : "57084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=889649",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649"
},
{
"name": "RHSA-2013:0155",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html"
},
{
"name": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/",
"refsource": "MISC",
"url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/"
},
{
"name": "RHSA-2013:0220",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html"
},
{
"name": "GLSA-201401-22",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201401-22.xml"
},
{
"name": "RHSA-2013:0154",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
},
{
"name": "[rubyonrails-security] 20130102 SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)",
"refsource": "MLIST",
"url": "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain"
},
{
"name": "57084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57084"
},
{
"name": "RHSA-2013:0544",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
}
]
}
}

34
2017/2xxx/CVE-2017-2015.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2015",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2015",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

130
2017/2xxx/CVE-2017-2548.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"WindowServer\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207797",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207797"
},
{
"name" : "1038484",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"WindowServer\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
}
]
}
}

132
2017/2xxx/CVE-2017-2738.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-2738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VCM5010",
"version" : {
"version_data" : [
{
"version_value" : "Versions earlier before V100R002C50SPC100"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VCM5010",
"version": {
"version_data": [
{
"version_value": "Versions earlier before V100R002C50SPC100"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
},
{
"name" : "97231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
},
{
"name": "97231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97231"
}
]
}
}

140
2017/6xxx/CVE-2017-6341.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6341",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html",
"refsource" : "MISC",
"url" : "https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html"
},
{
"name" : "https://twitter.com/null_ku7/status/835649185168838657",
"refsource" : "MISC",
"url" : "https://twitter.com/null_ku7/status/835649185168838657"
},
{
"name" : "96456",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96456"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://twitter.com/null_ku7/status/835649185168838657",
"refsource": "MISC",
"url": "https://twitter.com/null_ku7/status/835649185168838657"
},
{
"name": "https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html",
"refsource": "MISC",
"url": "https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html"
},
{
"name": "96456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96456"
}
]
}
}

200
2017/6xxx/CVE-2017-6462.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.ntp.org/bin/view/Main/NtpBug3388",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/NtpBug3388"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name" : "https://support.apple.com/HT208144",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208144"
},
{
"name" : "FreeBSD-SA-17:03",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name" : "RHSA-2017:3071",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"name" : "RHSA-2018:0855",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0855"
},
{
"name" : "USN-3707-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3707-2/"
},
{
"name" : "97045",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97045"
},
{
"name" : "1038123",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038123"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "97045",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97045"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3388",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3388"
},
{
"name": "FreeBSD-SA-17:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "RHSA-2017:3071",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3071"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "RHSA-2018:0855",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0855"
}
]
}
}

130
2017/6xxx/CVE-2017-6691.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Elastic Services Controller",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Elastic Services Controller"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Elastic Services Controller",
"version": {
"version_data": [
{
"version_value": "Cisco Elastic Services Controller"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6"
},
{
"name" : "98948",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98948"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98948"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc6"
}
]
}
}

140
2017/6xxx/CVE-2017-6813.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wiki.zimbra.com/wiki/Security_Center",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
},
{
"name" : "98087",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98087"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "98087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98087"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6"
}
]
}
}

130
2018/11xxx/CVE-2018-11596.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11596",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\\0' is made for the wrong array element in jsvar.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/espruino/Espruino/commit/ce1924193862d58cb43d3d4d9dada710a8361b89",
"refsource" : "MISC",
"url" : "https://github.com/espruino/Espruino/commit/ce1924193862d58cb43d3d4d9dada710a8361b89"
},
{
"name" : "https://github.com/espruino/Espruino/issues/1435",
"refsource" : "MISC",
"url" : "https://github.com/espruino/Espruino/issues/1435"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\\0' is made for the wrong array element in jsvar.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/espruino/Espruino/issues/1435",
"refsource": "MISC",
"url": "https://github.com/espruino/Espruino/issues/1435"
},
{
"name": "https://github.com/espruino/Espruino/commit/ce1924193862d58cb43d3d4d9dada710a8361b89",
"refsource": "MISC",
"url": "https://github.com/espruino/Espruino/commit/ce1924193862d58cb43d3d4d9dada710a8361b89"
}
]
}
}

34
2018/11xxx/CVE-2018-11831.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11831",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11831",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/14xxx/CVE-2018-14705.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14705",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14705",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/14xxx/CVE-2018-14950.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"<svg><a xlink:href=\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openwall.com/lists/oss-security/2018/07/26/2",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2018/07/26/2"
},
{
"name" : "https://bugs.debian.org/905023",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/905023"
},
{
"name" : "https://sourceforge.net/p/squirrelmail/bugs/2831/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/squirrelmail/bugs/2831/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"<svg><a xlink:href=\" attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/squirrelmail/bugs/2831/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/squirrelmail/bugs/2831/"
},
{
"name": "http://www.openwall.com/lists/oss-security/2018/07/26/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2018/07/26/2"
},
{
"name": "https://bugs.debian.org/905023",
"refsource": "MISC",
"url": "https://bugs.debian.org/905023"
}
]
}
}

120
2018/14xxx/CVE-2018-14977.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/AvaterXXX/QCMS/blob/master/XSS.md",
"refsource" : "MISC",
"url" : "https://github.com/AvaterXXX/QCMS/blob/master/XSS.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AvaterXXX/QCMS/blob/master/XSS.md",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/QCMS/blob/master/XSS.md"
}
]
}
}

154
2018/15xxx/CVE-2018-15407.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-15407",
"STATE" : "PUBLIC",
"TITLE" : "Cisco HyperFlex World-Readable Sensitive Information Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco HyperFlex HX-Series ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "5.5",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID": "CVE-2018-15407",
"STATE": "PUBLIC",
"TITLE": "Cisco HyperFlex World-Readable Sensitive Information Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco HyperFlex HX-Series ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181003 Cisco HyperFlex World-Readable Sensitive Information Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-info"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181003-hyperflex-info",
"defect" : [
[
"CSCvk59406"
]
],
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.5",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181003 Cisco HyperFlex World-Readable Sensitive Information Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-info"
}
]
},
"source": {
"advisory": "cisco-sa-20181003-hyperflex-info",
"defect": [
[
"CSCvk59406"
]
],
"discovery": "UNKNOWN"
}
}

178
2018/15xxx/CVE-2018-15458.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-09T16:00:00-0800",
"ID" : "CVE-2018-15458",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Firepower Management Center ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by sending a steady stream of remote authentication requests to the appliance when the specific configuration is applied. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "5.3",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-09T16:00:00-0800",
"ID": "CVE-2018-15458",
"STATE": "PUBLIC",
"TITLE": "Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Firepower Management Center ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190109 Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-fpwr-mc-dos"
},
{
"name" : "106516",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106516"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190109-fpwr-mc-dos",
"defect" : [
[
"CSCvk20751"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because the configuration of the Shell Access Filter, when used with a specific type of remote authentication, can cause a system file to have unbounded writes. An attacker could exploit this vulnerability by sending a steady stream of remote authentication requests to the appliance when the specific configuration is applied. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the device functions could operate abnormally, making the device unstable."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106516"
},
{
"name": "20190109 Cisco Firepower Management Center Disk Utilization Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-fpwr-mc-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20190109-fpwr-mc-dos",
"defect": [
[
"CSCvk20751"
]
],
"discovery": "INTERNAL"
}
}

34
2018/15xxx/CVE-2018-15579.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15579",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15579",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15635.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15635",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15635",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15736.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15736",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15736",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/20xxx/CVE-2018-20012.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phpcmf.net/version-13.html",
"refsource" : "MISC",
"url" : "http://www.phpcmf.net/version-13.html"
},
{
"name" : "https://gitee.com/copy_cat/phpcmf/blob/master/README.md",
"refsource" : "MISC",
"url" : "https://gitee.com/copy_cat/phpcmf/blob/master/README.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/copy_cat/phpcmf/blob/master/README.md",
"refsource": "MISC",
"url": "https://gitee.com/copy_cat/phpcmf/blob/master/README.md"
},
{
"name": "http://www.phpcmf.net/version-13.html",
"refsource": "MISC",
"url": "http://www.phpcmf.net/version-13.html"
}
]
}
}

34
2018/8xxx/CVE-2018-8230.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8230",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8230",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}