"-Synchronized-Data."

CVE Team 2019-03-17 23:27:53 +00:00
parent 8e1f10657d
commit 05432b9e76
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3679 additions and 3679 deletions


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0269", "ID": "CVE-2002-0269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101363764421623&w=2" "lang": "eng",
} "value": "Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020212 [GSA2002-01] Web browsers ignore the Content-Type header, thus allowing cross-site scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101363764421623&w=2"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0792", "ID": "CVE-2002-0792",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020515 Content Service Switch Web Management HTTP Processing Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/css-http-post-pub.shtml" "lang": "eng",
}, "value": "The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data."
{ }
"name" : "VU#330275", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/330275" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#686939", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/686939" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4747", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4747" ]
}, },
{ "references": {
"name" : "4748", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4748" "name": "VU#330275",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/330275"
"name" : "cisco-css-http-dos(9083)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9083.php" "name": "4747",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/4747"
} },
} {
"name": "VU#686939",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/686939"
},
{
"name": "4748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4748"
},
{
"name": "20020515 Content Service Switch Web Management HTTP Processing Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/css-http-post-pub.shtml"
},
{
"name": "cisco-css-http-dos(9083)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9083.php"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1358", "ID": "CVE-2002-1358",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html" "lang": "eng",
}, "value": "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite."
{ }
"name" : "CA-2002-36", ]
"refsource" : "CERT", },
"url" : "http://www.cert.org/advisories/CA-2002-36.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:5721", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1005812", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1005812" ]
}, },
{ "references": {
"name" : "1005813", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1005813" "name": "1005812",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1005812"
} },
} {
"name": "CA-2002-36",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-36.html"
},
{
"name": "oval:org.mitre.oval:def:5721",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721"
},
{
"name": "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html"
},
{
"name": "1005813",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1005813"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1367", "ID": "CVE-2002-1367",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a \"need authorization\" page, as demonstrated by new-coke."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104032149026670&w=2" "lang": "eng",
}, "value": "Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a \"need authorization\" page, as demonstrated by new-coke."
{ }
"name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.idefense.com/advisory/12.19.02.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.idefense.com/advisory/12.19.02.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CLSA-2003:702", ]
"refsource" : "CONECTIVA", }
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702" ]
}, },
{ "references": {
"name" : "DSA-232", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-232" "name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)",
}, "refsource": "VULNWATCH",
{ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html"
"name" : "MDKSA-2003:001", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001" "name": "CLSA-2003:702",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702"
"name" : "RHSA-2002:295", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-295.html" "name": "DSA-232",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2003/dsa-232"
"name" : "SuSE-SA:2003:002", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2003_002_cups.html" "name": "SuSE-SA:2003:002",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html"
"name" : "cups-udp-add-printers(10908)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10908" "name": "http://www.idefense.com/advisory/12.19.02.txt",
}, "refsource": "MISC",
{ "url": "http://www.idefense.com/advisory/12.19.02.txt"
"name" : "6436", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6436" "name": "RHSA-2002:295",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2002-295.html"
} },
} {
"name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104032149026670&w=2"
},
{
"name": "MDKSA-2003:001",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001"
},
{
"name": "6436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6436"
},
{
"name": "cups-udp-add-printers(10908)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10908"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1455", "ID": "CVE-2002-1455",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020825 OmniHTTPd test.shtml Cross-Site Scripting Issue", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe."
{ }
"name" : "20020825 OmniHTTPd test.php Cross-Site Scripting Issue", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20020825 More OmniHTTPd Problems", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20020825 OmniHTTPd test.php Cross-Site Scripting Issue",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html"
},
{
"name": "20020825 OmniHTTPd test.shtml Cross-Site Scripting Issue",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html"
},
{
"name": "20020825 More OmniHTTPd Problems",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1862", "ID": "CVE-2002-1862",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021031 SmartMail server DOS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html" "lang": "eng",
}, "value": "SmartMail Server 2.0 allows remote attackers to cause a denial of service (crash) by sending data and closing the connection before all the data has been sent."
{ }
"name" : "6074", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6074" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "smartmail-terminate-connection-dos(10533)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10533.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "smartmail-terminate-connection-dos(10533)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10533.php"
},
{
"name": "20021031 SmartMail server DOS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html"
},
{
"name": "6074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6074"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1945", "ID": "CVE-2002-1945",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attackers to cause a denial of service (crash) via a long request to (1) TCP port 25 (SMTP) or (2) TCP port 110 (POP3)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021031 SmartMail server DOS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html" "lang": "eng",
}, "value": "Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attackers to cause a denial of service (crash) via a long request to (1) TCP port 25 (SMTP) or (2) TCP port 110 (POP3)."
{ }
"name" : "6075", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6075" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "smartmail-server-ports-dos(10512)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10512.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "6075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6075"
},
{
"name": "smartmail-server-ports-dos(10512)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10512.php"
},
{
"name": "20021031 SmartMail server DOS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0418.html"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1981", "ID": "CVE-2002-1981",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the \"public\" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020902 Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/lists/bugtraq/2002/Sep/0009.html" "lang": "eng",
}, "value": "Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the \"public\" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings."
{ }
"name" : "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt", ]
"refsource" : "MISC", },
"url" : "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5604", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5604" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "mssql-sp-public-access(10012)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/10012.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "5604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5604"
},
{
"name": "mssql-sp-public-access(10012)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10012.php"
},
{
"name": "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt"
},
{
"name": "20020902 Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2002/Sep/0009.html"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0714", "ID": "CVE-2003-0714",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS03-046", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-046" "lang": "eng",
}, "value": "The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000."
{ }
"name" : "20031022 MS03-046 Microsoft Exchange 2000 Heap Overflow", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=106682909006586&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CA-2003-27", "description": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2003-27.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#422156", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/422156" ]
}, },
{ "references": {
"name" : "8838", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/8838" "name": "CA-2003-27",
} "refsource": "CERT",
] "url": "http://www.cert.org/advisories/CA-2003-27.html"
} },
} {
"name": "20031022 MS03-046 Microsoft Exchange 2000 Heap Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106682909006586&w=2"
},
{
"name": "VU#422156",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/422156"
},
{
"name": "MS03-046",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-046"
},
{
"name": "8838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8838"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2003-0800", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2003-0800",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} }
] ]
} }
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0874", "ID": "CVE-2003-0874",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=106667525623311&w=2" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen."
{ }
"name" : "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0017.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.securiteam.com/unixfocus/6R0052K8KM.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.securiteam.com/unixfocus/6R0052K8KM.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8856", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/8856" ]
}, },
{ "references": {
"name" : "deskpro-multiple-sql-injection(13391)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13391" "name": "deskpro-multiple-sql-injection(13391)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13391"
} },
} {
"name": "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106667525623311&w=2"
},
{
"name": "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0017.html"
},
{
"name": "8856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8856"
},
{
"name": "http://www.securiteam.com/unixfocus/6R0052K8KM.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/6R0052K8KM.html"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1331", "ID": "CVE-2003-1331",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030612 libmysqlclient 4.x and below mysql_real_connect() buffer overflow.", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/1303.html" "lang": "eng",
}, "value": "Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453."
{ }
"name" : "http://bugs.mysql.com/bug.php?id=564", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.mysql.com/bug.php?id=564" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "7887", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/7887" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "mysql-mysqlrealconnect-bo(12337)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12337" ]
} },
] "references": {
} "reference_data": [
} {
"name": "mysql-mysqlrealconnect-bo(12337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12337"
},
{
"name": "7887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7887"
},
{
"name": "20030612 libmysqlclient 4.x and below mysql_real_connect() buffer overflow.",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/1303.html"
},
{
"name": "http://bugs.mysql.com/bug.php?id=564",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/bug.php?id=564"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2284", "ID": "CVE-2004-2284",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt" "lang": "eng",
}, "value": "The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument."
{ }
"name" : "10637", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10637" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "7474", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/7474" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1010605", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1010605" ]
}, },
{ "references": {
"name" : "12017", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12017" "name": "open-webmail-vacation-program-execution(16549)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549"
"name" : "open-webmail-vacation-program-execution(16549)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16549" "name": "1010605",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1010605"
} },
} {
"name": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt",
"refsource": "CONFIRM",
"url": "http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt"
},
{
"name": "10637",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10637"
},
{
"name": "12017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12017"
},
{
"name": "7474",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7474"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0345", "ID": "CVE-2012-0345",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-0757", "ID": "CVE-2012-0757",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html" "lang": "eng",
} "value": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-02.html"
}
]
}
}
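Review bot: The `ASSIGNER` value in this record appears to change from `cve@mitre.org` to `psirt@adobe.com` (judging by the key spacing, the `"ASSIGNER" : ` text is the old side), while every other line in the section is only `"key" : ` to `"key": ` whitespace normalisation, so a provenance change is easy to miss among 62 reformatted lines. The same pattern shows in the CVE-2012-4170 section (`psirt@adobe.com`) and the CVE-2012-4454 section (`secalert@redhat.com`). Consumers that attribute or filter records by assigning CNA need to be able to audit that change on its own, so I would land the formatting change separately from the data change, or at least name the ASSIGNER updates in the commit message. In the neighbouring sections the `reference_data` entries also appear in a different order with no visible change in content; emitting them in a stable sorted order would keep later syncs reviewable.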


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1301", "ID": "CVE-2012-1301",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the \"url\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120405 [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/522218" "lang": "eng",
}, "value": "The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the \"url\" parameter."
{ }
"name" : "https://www.trustmatta.com/advisories/MATTA-2012-001.txt", ]
"refsource" : "MISC", },
"url" : "https://www.trustmatta.com/advisories/MATTA-2012-001.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52912", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52912" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20120405 [MATTA-2012-001] CVE-2012-1301; 0day; Open Proxy vulnerability in Umbraco 4.7",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522218"
},
{
"name": "52912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52912"
},
{
"name": "https://www.trustmatta.com/advisories/MATTA-2012-001.txt",
"refsource": "MISC",
"url": "https://www.trustmatta.com/advisories/MATTA-2012-001.txt"
}
]
}
}


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1461", "ID": "CVE-2012-1461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/522005" "lang": "eng",
}, "value": "The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations."
{ }
"name" : "http://www.ieee-security.org/TC/SP2012/program.html", ]
"refsource" : "MISC", },
"url" : "http://www.ieee-security.org/TC/SP2012/program.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52626", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52626" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "80500", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/80500" ]
}, },
{ "references": {
"name" : "80501", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80501" "name": "80502",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/80502"
"name" : "80502", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80502" "name": "52626",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52626"
"name" : "80503", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80503" "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/522005"
"name" : "80504", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80504" "name": "80504",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/80504"
"name" : "80505", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80505" "name": "80506",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/80506"
"name" : "80506", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80506" "name": "http://www.ieee-security.org/TC/SP2012/program.html",
}, "refsource": "MISC",
{ "url": "http://www.ieee-security.org/TC/SP2012/program.html"
"name" : "80510", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80510" "name": "80500",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/80500"
} },
} {
"name": "80505",
"refsource": "OSVDB",
"url": "http://osvdb.org/80505"
},
{
"name": "80501",
"refsource": "OSVDB",
"url": "http://osvdb.org/80501"
},
{
"name": "80503",
"refsource": "OSVDB",
"url": "http://osvdb.org/80503"
},
{
"name": "80510",
"refsource": "OSVDB",
"url": "http://osvdb.org/80510"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1834", "ID": "CVE-2012-1834",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.htbridge.com/advisory/HTB23083", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23083" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-admin/options-general.php."
{ }
"name" : "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view", ]
"refsource" : "CONFIRM", },
"url" : "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52708", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52708" ]
}, },
{ "references": {
"name" : "80573", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/80573" "name": "48510",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48510"
"name" : "48510", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48510" "name": "80573",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/80573"
"name" : "wordpress-cmstree-edit-xss(74337)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74337" "name": "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/",
} "refsource": "CONFIRM",
] "url": "http://wordpress.org/extend/plugins/cms-tree-page-view/changelog/"
} },
} {
"name": "https://www.htbridge.com/advisory/HTB23083",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23083"
},
{
"name": "wordpress-cmstree-edit-xss(74337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74337"
},
{
"name": "52708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52708"
},
{
"name": "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset/523576/cms-tree-page-view"
}
]
}
}


@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1959", "ID": "CVE-2012-1959",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-49.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-49.html" "lang": "eng",
}, "value": "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=737559", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=737559" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=754044", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=754044" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2012:1088", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1088.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2012:0899", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html" "name": "49977",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49977"
"name" : "openSUSE-SU-2012:0917", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" "name": "49992",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49992"
"name" : "SUSE-SU-2012:0895", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=754044",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=754044"
"name" : "SUSE-SU-2012:0896", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html" "name": "1027256",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027256"
"name" : "USN-1509-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1509-1" "name": "RHSA-2012:1088",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html"
"name" : "USN-1509-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1509-2" "name": "84002",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/84002"
"name" : "USN-1510-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1510-1" "name": "USN-1509-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1509-2"
"name" : "54576", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54576" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=737559",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=737559"
"name" : "84002", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/84002" "name": "1027258",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027258"
"name" : "oval:org.mitre.oval:def:16920", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16920" "name": "49979",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49979"
"name" : "1027256", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027256" "name": "SUSE-SU-2012:0895",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html"
"name" : "1027257", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027257" "name": "USN-1510-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1510-1"
"name" : "1027258", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027258" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-49.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-49.html"
"name" : "49965", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49965" "name": "oval:org.mitre.oval:def:16920",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16920"
"name" : "49972", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49972" "name": "49965",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49965"
"name" : "49992", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49992" "name": "1027257",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027257"
"name" : "49968", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49968" "name": "openSUSE-SU-2012:0917",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html"
"name" : "49977", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49977" "name": "54576",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/54576"
"name" : "49979", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49979" "name": "SUSE-SU-2012:0896",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html"
"name" : "49993", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49993" "name": "49994",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49994"
"name" : "49994", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49994" "name": "openSUSE-SU-2012:0899",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html"
} },
} {
"name": "49968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49968"
},
{
"name": "USN-1509-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1509-1"
},
{
"name": "49993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49993"
},
{
"name": "49972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49972"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-4170", "ID": "CVE-2012-4170",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-20.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-20.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file."
{ }
"name" : "55333", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/55333" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1027477", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027477" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "55333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55333"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-20.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-20.html"
},
{
"name": "1027477",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027477"
}
]
}
}


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4454", "ID": "CVE-2012-4454",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Opencryptoki-tech] 20120223 opencryptoki version 2.4.1 released", "description_data": [
"refsource" : "MLIST", {
"url" : "http://sourceforge.net/mailarchive/message.php?msg_id=28878345" "lang": "eng",
}, "value": "openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp."
{ }
"name" : "[oss-security] 20120906 CVE request: opencryptoki insecure lock files handling", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/09/07/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120907 Re: CVE request: opencryptoki insecure lock files handling", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/09/07/6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20120909 Re: CVE request: opencryptoki insecure lock files handling", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2012/09/09/2" ]
}, },
{ "references": {
"name" : "[oss-security] 20120920 Re: CVE request: opencryptoki insecure lock files handling", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/09/20/6" "name": "[oss-security] 20120909 Re: CVE request: opencryptoki insecure lock files handling",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/09/09/2"
"name" : "[oss-security] 20120924 Re: CVE request: opencryptoki insecure lock files handling", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/09/25/5" "name": "[oss-security] 20120924 Re: CVE request: opencryptoki insecure lock files handling",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/09/25/5"
"name" : "[oss-security] 20120927 Re: CVE request: opencryptoki insecure lock files handling", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/09/27/2" "name": "50702",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50702"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=730636", },
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=730636" "name": "55627",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55627"
"name" : "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9", },
"refsource" : "CONFIRM", {
"url" : "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9" "name": "[oss-security] 20120927 Re: CVE request: opencryptoki insecure lock files handling",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/09/27/2"
"name" : "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30", },
"refsource" : "CONFIRM", {
"url" : "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30" "name": "[Opencryptoki-tech] 20120223 opencryptoki version 2.4.1 released",
}, "refsource": "MLIST",
{ "url": "http://sourceforge.net/mailarchive/message.php?msg_id=28878345"
"name" : "55627", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55627" "name": "[oss-security] 20120920 Re: CVE request: opencryptoki insecure lock files handling",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/09/20/6"
"name" : "50702", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50702" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=730636",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=730636"
"name" : "opencryptoki-mutliple-symlink(78797)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78797" "name": "opencryptoki-mutliple-symlink(78797)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78797"
} },
} {
"name": "[oss-security] 20120906 CVE request: opencryptoki insecure lock files handling",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/07/2"
},
{
"name": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30",
"refsource": "CONFIRM",
"url": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=b7fcb3eb0319183348f1f4fb90ede4edd6487c30"
},
{
"name": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9",
"refsource": "CONFIRM",
"url": "http://opencryptoki.git.sourceforge.net/git/gitweb.cgi?p=opencryptoki/opencryptoki;a=commitdiff;h=58345488c9351d9be9a4be27c8b407c2706a33a9"
},
{
"name": "[oss-security] 20120907 Re: CVE request: opencryptoki insecure lock files handling",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/07/6"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4757", "ID": "CVE-2012-4757",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .sta or .stp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "49290", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49290" "lang": "eng",
} "value": "Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .sta or .stp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49290"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4877", "ID": "CVE-2012-4877",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts."
{ }
"name" : "http://www.vulnerability-lab.com/get_content.php?id=487", ]
"refsource" : "MISC", },
"url" : "http://www.vulnerability-lab.com/get_content.php?id=487" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52846", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52846" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "80878", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/80878" ]
}, },
{ "references": {
"name" : "48656", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48656" "name": "http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html"
"name" : "flatnux-controlcenter-csrf(74567)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74567" "name": "80878",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/80878"
} },
} {
"name": "flatnux-controlcenter-csrf(74567)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74567"
},
{
"name": "48656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48656"
},
{
"name": "52846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52846"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=487",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=487"
}
]
}
}


@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-5958", "ID": "CVE-2012-5958",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play", "description_data": [
"refsource" : "MISC", {
"url" : "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play" "lang": "eng",
}, "value": "Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction."
{ }
"name" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf", ]
"refsource" : "MISC", },
"url" : "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb", "description": [
"refsource" : "MISC", {
"url" : "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.tenable.com/security/research/tra-2017-10", ]
"refsource" : "MISC", }
"url" : "https://www.tenable.com/security/research/tra-2017-10" ]
}, },
{ "references": {
"name" : "http://pupnp.sourceforge.net/ChangeLog", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://pupnp.sourceforge.net/ChangeLog" "name": "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities",
}, "refsource": "CISCO",
{ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp"
"name" : "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf", },
"refsource" : "CONFIRM", {
"url" : "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf" "name": "MDVSA-2013:098",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098"
"name" : "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf", },
"refsource" : "CONFIRM", {
"url" : "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf" "name": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://tsd.dlink.com.tw/temp/PMD/12960/DSR-150N_A2_Release_Notes_FW_v1.05B64_WW.pdf"
"name" : "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf", },
"refsource" : "CONFIRM", {
"url" : "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf" "name": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf",
}, "refsource": "MISC",
{ "url": "https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf"
"name" : "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf", },
"refsource" : "CONFIRM", {
"url" : "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf" "name": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://tsd.dlink.com.tw/temp/PMD/12879/DSR-500_500N_1000_1000N_A1_Release_Notes_FW_v1.08B77_WW.pdf"
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037", },
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037" "name": "DSA-2615",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2615"
"name" : "20130129 Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities", },
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp" "name": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://tsd.dlink.com.tw/temp/PMD/12966/DSR-150_A1_A2_Release_Notes_FW_v1.08B44_WW.pdf"
"name" : "DSA-2614", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2614" "name": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://tsd.dlink.com.tw/temp/PMD/13039/DSR-250_250N_A1_A2_Release_Notes_FW_v1.08B44_WW_RU.pdf"
"name" : "DSA-2615", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2615" "name": "DSA-2614",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2614"
"name" : "MDVSA-2013:098", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:098" "name": "57602",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57602"
"name" : "openSUSE-SU-2013:0255", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html" "name": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb",
}, "refsource": "MISC",
{ "url": "https://community.rapid7.com/servlet/servlet.FileDownload?file=00P1400000cCaFb"
"name" : "VU#922681", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/922681" "name": "http://pupnp.sourceforge.net/ChangeLog",
}, "refsource": "CONFIRM",
{ "url": "http://pupnp.sourceforge.net/ChangeLog"
"name" : "57602", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57602" "name": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play",
} "refsource": "MISC",
] "url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
} },
} {
"name": "VU#922681",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/922681"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-10",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-10"
},
{
"name": "openSUSE-SU-2013:0255",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00013.html"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0037"
}
]
}
}
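Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `cert@cert.org` for CVE-2012-5958, and as far as the visible lines show it is the only value change in this section; everything else is colon spacing and a reordering of the same seventeen `reference_data` entries. Because it shares a line with a formatting change it is easy to miss in review, and consumers that group or filter records by assigner will see this record move. The reassignment should be stated in the commit message, or carried in a commit of its own so it can be audited apart from the bulk reformat.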


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5989", "ID": "CVE-2012-5989",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2479", "ID": "CVE-2017-2479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41866", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41866/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207599", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207599" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207600", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207600" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207601", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207601" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT207607", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207607" "name": "97176",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/97176"
"name" : "https://support.apple.com/HT207617", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207617" "name": "1038157",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038157"
"name" : "97176", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97176" "name": "https://support.apple.com/HT207601",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207601"
"name" : "1038157", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038157" "name": "41866",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/41866/"
} },
} {
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name": "https://support.apple.com/HT207607",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207607"
},
{
"name": "https://support.apple.com/HT207599",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207599"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3620", "ID": "CVE-2017-3620",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Automatic Service Request (ASR)", "product_name": "Automatic Service Request (ASR)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "5.7" "version_value": "5.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR)."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "lang": "eng",
}, "value": "Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR). CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
{ }
"name" : "97811", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97811" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in takeover of Automatic Service Request (ASR)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97811",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97811"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
}
]
}
}


@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3644", "ID": "CVE-2017-3644",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.18 and earlier" "version_value": "5.7.18 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
{ }
"name" : "RHSA-2017:2886", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2017:2886" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99775", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99775" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
{ }
"name" : "1038928", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038928" ]
} },
] "references": {
} "reference_data": [
} {
"name": "99775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99775"
},
{
"name": "1038928",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038928"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}
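Review bot: In `version_data` for CVE-2017-3644, `"version_affected": "="` is paired with `"version_value": "5.7.18 and earlier"`, so the operator claims one exact version while the value is a prose range; the reformat carries this over unchanged. A consumer that matches installed versions against the operator and value would find no release equal to that string and could miss affected MySQL Server installations. Encoding it as `"version_affected": "<="` with `"version_value": "5.7.18"` would put the range in machine-readable form, in line with the CVE-2017-3620 record in this same commit, which uses `"<"` with `"5.7"`.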


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-3825", "ID": "CVE-2017-3825",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco TelePresence", "product_name": "Cisco TelePresence",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco TelePresence" "version_value": "Cisco TelePresence"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp" "lang": "eng",
}, "value": "A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic. This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1: Spark Room OS, TelePresence DX Series, TelePresence MX Series, TelePresence SX Quick Set Series, TelePresence SX Series. Cisco Bug IDs: CSCvb95396."
{ }
"name" : "98293", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98293" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038392", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038392" "lang": "eng",
} "value": "CWE-20"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "98293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98293"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp"
},
{
"name": "1038392",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038392"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6374", "ID": "CVE-2017-6374",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6419", "ID": "CVE-2017-6419",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180212 [SECURITY] [DLA 1279-1] clamav security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html" "lang": "eng",
}, "value": "mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file."
{ }
"name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11701", ]
"refsource" : "MISC", },
"url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11701" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1", ]
"refsource" : "MISC", }
"url" : "https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1" ]
}, },
{ "references": {
"name" : "DSA-3946", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3946" "name": "[debian-lts-announce] 20180212 [SECURITY] [DLA 1279-1] clamav security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html"
"name" : "GLSA-201804-16", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201804-16" "name": "DSA-3946",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3946"
} },
} {
"name": "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md",
"refsource": "MISC",
"url": "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md"
},
{
"name": "https://bugzilla.clamav.net/show_bug.cgi?id=11701",
"refsource": "MISC",
"url": "https://bugzilla.clamav.net/show_bug.cgi?id=11701"
},
{
"name": "GLSA-201804-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-16"
},
{
"name": "https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1",
"refsource": "MISC",
"url": "https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1"
}
]
}
}
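Review bot: The `reference_data` array on the new side holds the same six entries as before in a different order (the `DSA-3946` entry moves up to second, the vrtadmin commit link to last), so the section reads as fully rewritten although no reference was added or dropped. Emitting references in a stable order, for example sorted by `refsource` and then `name`, would keep synchronisation diffs limited to real changes and make an added or removed advisory link easy to spot. The same reshuffling appears in the CVE-2017-6864, CVE-2017-7593, CVE-2017-7765 and CVE-2018-10101 sections.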


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "productcert@siemens.com", "ASSIGNER": "productcert@siemens.com",
"ID" : "CVE-2017-6864", "ID": "CVE-2017-6864",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RUGGEDCOM ROX I All versions", "product_name": "RUGGEDCOM ROX I All versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "RUGGEDCOM ROX I All versions" "version_value": "RUGGEDCOM ROX I All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01" "lang": "eng",
}, "value": "The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks."
{ }
"name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf", ]
"refsource" : "CONFIRM", },
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97170", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97170" "lang": "eng",
}, "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
{ }
"name" : "1038160", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038160" ]
} },
] "references": {
} "reference_data": [
} {
"name": "97170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97170"
},
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf"
},
{
"name": "1038160",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038160"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01"
}
]
}
}
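Review bot: `vendor_name` is still `n/a` and `product_name` repeats the `version_value` string `RUGGEDCOM ROX I All versions`, even though the description names Siemens as the vendor. Tooling that matches records to an asset inventory by vendor and product is likely to miss this entry; consider `"vendor_name": "Siemens"`, `"product_name": "RUGGEDCOM ROX I"` and `"version_value": "All versions"`. The CVE-2017-6866 section has the same shape, with both XHQ version ranges folded into `product_name`.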


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "productcert@siemens.com", "ASSIGNER": "productcert@siemens.com",
"ID" : "CVE-2017-6866", "ID": "CVE-2017-6866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)", "product_name": "XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)" "version_value": "XHQ 4 (All versions before V4.7.1.3), XHQ 5 (All versions before V5.0.0.2)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284: Improper Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf" "lang": "eng",
}, "value": "A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level."
{ }
"name" : "99247", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99247" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99247"
},
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-6986", "ID": "CVE-2017-6986",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"iBooks\" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207797", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207797" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"iBooks\" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app."
{ }
"name" : "1038484", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1038484" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
}
]
}
}


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC" : "2017-08-21T00:00:00", "DATE_PUBLIC": "2017-08-21T00:00:00",
"ID" : "CVE-2017-7557", "ID": "CVE-2017-7557",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "dnsdist", "product_name": "dnsdist",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.1.0" "version_value": "1.1.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat, Inc." "vendor_name": "Red Hat, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-287"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html" "lang": "eng",
}, "value": "dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack."
{ }
"name" : "100508", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100508" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html",
"refsource": "MISC",
"url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html"
},
{
"name": "100508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100508"
}
]
}
}
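Review bot: The `problemtype` value is the bare identifier `CWE-287`, while the description's stated impact is a CSRF attack and other records in this commit spell the weakness out (`CWE-79: Improper Neutralization ...`). If request forgery is the primary weakness, `"value": "CWE-352: Cross-Site Request Forgery (CSRF)"` would classify it more precisely; otherwise adding the CWE name next to the identifier keeps the field readable. `vendor_name` is `Red Hat, Inc.`, which looks like the assigning CNA rather than the dnsdist vendor, judging by the dnsdist.org advisory in the references; worth confirming.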


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7593", "ID": "CVE-2017-7593",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2651", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2651" "lang": "eng",
}, "value": "tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is properly initialized, which might allow remote attackers to obtain sensitive information from process memory via a crafted image."
{ }
"name" : "DSA-3844", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3844" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201709-27", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201709-27" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3602-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3602-1/" ]
}, },
{ "references": {
"name" : "97502", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97502" "name": "DSA-3844",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3844"
} },
} {
"name": "GLSA-201709-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-27"
},
{
"name": "USN-3602-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3602-1/"
},
{
"name": "97502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97502"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2651",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2651"
}
]
}
}


@ -1,110 +1,110 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-7765", "ID": "CVE-2017-7765",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "54" "version_value": "54"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox ESR", "product_name": "Firefox ESR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.2" "version_value": "52.2"
} }
] ]
} }
}, },
{ {
"product_name" : "Thunderbird", "product_name": "Thunderbird",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.2" "version_value": "52.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"Mark of the Web\" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Mark of the Web bypass when saving executable files"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1273265", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1273265" "lang": "eng",
}, "value": "The \"Mark of the Web\" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/" "lang": "eng",
}, "value": "Mark of the Web bypass when saving executable files"
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/" ]
}, },
{ "references": {
"name" : "99057", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99057" "name": "99057",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/99057"
"name" : "1038689", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038689" "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
} "refsource": "CONFIRM",
] "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
} },
} {
"name": "1038689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038689"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273265",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1273265"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-17/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8098", "ID": "CVE-2017-8098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Apr/40", "description_data": [
"refsource" : "MISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Apr/40" "lang": "eng",
}, "value": "e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker."
{ }
"name" : "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5", ]
"refsource" : "MISC", },
"url" : "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5",
"refsource": "MISC",
"url": "https://github.com/e107inc/e107/commit/7a3e3d9fc7e05ce6941b9af1c14010bf2141f1a5"
},
{
"name": "http://seclists.org/fulldisclosure/2017/Apr/40",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Apr/40"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-8484", "ID": "CVE-2017-8484",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Windows", "product_name": "Microsoft Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42210", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42210/" "lang": "eng",
}, "value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka \"Win32k Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8484", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8484" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98847", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98847" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "98847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98847"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8484",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8484"
},
{
"name": "42210",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42210/"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10101", "ID": "CVE-2018-10101",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://wpvulndb.com/vulnerabilities/9053", "description_data": [
"refsource" : "MISC", {
"url" : "https://wpvulndb.com/vulnerabilities/9053" "lang": "eng",
}, "value": "Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server."
{ }
"name" : "https://codex.wordpress.org/Version_4.9.5", ]
"refsource" : "CONFIRM", },
"url" : "https://codex.wordpress.org/Version_4.9.5" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://core.trac.wordpress.org/changeset/42894", "description": [
"refsource" : "CONFIRM", {
"url" : "https://core.trac.wordpress.org/changeset/42894" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216" ]
}, },
{ "references": {
"name" : "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/" "name": "https://wpvulndb.com/vulnerabilities/9053",
}, "refsource": "MISC",
{ "url": "https://wpvulndb.com/vulnerabilities/9053"
"name" : "DSA-4193", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4193" "name": "104350",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/104350"
"name" : "104350", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104350" "name": "1040836",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1040836"
"name" : "1040836", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040836" "name": "DSA-4193",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4193"
} },
} {
"name": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/"
},
{
"name": "https://core.trac.wordpress.org/changeset/42894",
"refsource": "CONFIRM",
"url": "https://core.trac.wordpress.org/changeset/42894"
},
{
"name": "https://codex.wordpress.org/Version_4.9.5",
"refsource": "CONFIRM",
"url": "https://codex.wordpress.org/Version_4.9.5"
},
{
"name": "https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10123", "ID": "CVE-2018-10123",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44635", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44635/" "lang": "eng",
}, "value": "p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100."
{ }
"name" : "https://neonsea.uk/blog/2018/04/15/pwn910nd.html", ]
"refsource" : "MISC", },
"url" : "https://neonsea.uk/blog/2018/04/15/pwn910nd.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://neonsea.uk/blog/2018/04/15/pwn910nd.html",
"refsource": "MISC",
"url": "https://neonsea.uk/blog/2018/04/15/pwn910nd.html"
},
{
"name": "44635",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44635/"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10219", "ID": "CVE-2018-10219",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/L3tter/bugs/blob/master/baijiacmsV3_bug", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/L3tter/bugs/blob/master/baijiacmsV3_bug" "lang": "eng",
} "value": "baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/L3tter/bugs/blob/master/baijiacmsV3_bug",
"refsource": "MISC",
"url": "https://github.com/L3tter/bugs/blob/master/baijiacmsV3_bug"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10401", "ID": "CVE-2018-10401",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13656", "ID": "CVE-2018-13656",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for Sample Token (STK) (Contract Name: cashBackMintable), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/cashBackMintable"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14574", "ID": "CVE-2018-14574",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/" "lang": "eng",
}, "value": "django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect."
{ }
"name" : "DSA-4264", ]
"refsource" : "DEBIAN", },
"url" : "https://www.debian.org/security/2018/dsa-4264" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2019:0265", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2019:0265" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3726-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3726-1/" ]
}, },
{ "references": {
"name" : "104970", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104970" "name": "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/",
}, "refsource": "CONFIRM",
{ "url": "https://www.djangoproject.com/weblog/2018/aug/01/security-releases/"
"name" : "1041403", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041403" "name": "USN-3726-1",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3726-1/"
} },
} {
"name": "DSA-4264",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4264"
},
{
"name": "1041403",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041403"
},
{
"name": "RHSA-2019:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0265"
},
{
"name": "104970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104970"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17765", "ID": "CVE-2018-17765",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17770", "ID": "CVE-2018-17770",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17870", "ID": "CVE-2018-17870",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in BTITeam XBTIT 2.5.4. The \"returnto\" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/btiteam/xbtit/pull/59", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/btiteam/xbtit/pull/59" "lang": "eng",
} "value": "An issue was discovered in BTITeam XBTIT 2.5.4. The \"returnto\" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/btiteam/xbtit/pull/59",
"refsource": "MISC",
"url": "https://github.com/btiteam/xbtit/pull/59"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17983", "ID": "CVE-2018-17983",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901" "lang": "eng",
}, "value": "cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry."
{ }
"name" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29", ]
"refsource" : "MISC", },
"url" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901",
"refsource": "MISC",
"url": "https://www.mercurial-scm.org/repo/hg/rev/5405cb1a7901"
},
{
"name": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29",
"refsource": "MISC",
"url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.7.2_.282018-10-01.29"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20356", "ID": "CVE-2018-20356",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9841", "ID": "CVE-2018-9841",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758", "description_data": [
"refsource" : "MISC", {
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758" "lang": "eng",
} "value": "The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758",
"refsource": "MISC",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9873", "ID": "CVE-2018-9873",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-9976", "ID": "CVE-2018-9976",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.0.29935" "version_value": "9.0.0.29935"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5425."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125-Out-of-bounds Read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-374", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-374" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5425."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-125-Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-374",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-374"
}
]
}
}