admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:33:57 +00:00
parent 5fd02a659f
commit 082f65d1d6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 3643 additions and 3643 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2002/0xxx/CVE-2002-0157.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0157", "ID": "CVE-2002-0157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020502 R7-0003: Nautilus Symlink Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0" "lang": "eng",
}, "value": "Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file."
{ }
"name" : "RHSA-2002:064", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2002-064.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "nautilus-metafile-xml-symlink(8995)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8995.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4373", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4373" ]
} },
] "references": {
} "reference_data": [
} {
"name": "RHSA-2002:064",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-064.html"
},
{
"name": "20020502 R7-0003: Nautilus Symlink Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0"
},
{
"name": "4373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4373"
},
{
"name": "nautilus-metafile-xml-symlink(8995)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8995.php"
}
]
}
}

140
2002/0xxx/CVE-2002-0160.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0160", "ID": "CVE-2002-0160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\\.. (modified ..) in the URL to port 2002."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020403 iXsecurity.20020316.csadmin_dir.a", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101786689128667&w=2" "lang": "eng",
}, "value": "The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\\.. (modified ..) in the URL to port 2002."
{ }
"name" : "20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5352", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5352" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20020403 iXsecurity.20020316.csadmin_dir.a",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101786689128667&w=2"
},
{
"name": "20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml"
},
{
"name": "5352",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5352"
}
]
}
}

120
2002/0xxx/CVE-2002-0323.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0323", "ID": "CVE-2002-0323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020224 ScriptEase:WebServer Edition vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101465709621105&w=2" "lang": "eng",
} "value": "comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020224 ScriptEase:WebServer Edition vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101465709621105&w=2"
}
]
}
}

150
2002/0xxx/CVE-2002-0528.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0528", "ID": "CVE-2002-0528",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020410 KPMG-2002008: Watchguard SOHO IP Restrictions Flaw", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/266948" "lang": "eng",
}, "value": "Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules."
{ }
"name" : "watchguard-soho-bypass-restrictions(8814)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/8814.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4491", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4491" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20020410 [VulnWatch] KPMG-2002008: Watchguard SOHO IP Restrictions Flaw", ]
"refsource" : "VULNWATCH", }
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0009.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "watchguard-soho-bypass-restrictions(8814)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8814.php"
},
{
"name": "4491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4491"
},
{
"name": "20020410 [VulnWatch] KPMG-2002008: Watchguard SOHO IP Restrictions Flaw",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0009.html"
},
{
"name": "20020410 KPMG-2002008: Watchguard SOHO IP Restrictions Flaw",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/266948"
}
]
}
}

170
2002/0xxx/CVE-2002-0846.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0846", "ID": "CVE-2002-0846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020830 RE: Macromedia Shockwave Flash Malformed Header Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103072708329280&w=2" "lang": "eng",
}, "value": "The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length."
{ }
"name" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23293", ]
"refsource" : "CONFIRM", },
"url" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23293" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2003:026", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-026.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2003:027", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2003-027.html" ]
}, },
{ "references": {
"name" : "flash-swf-header-bo(9798)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9798.php" "name": "RHSA-2003:027",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-027.html"
"name" : "5430", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5430" "name": "5430",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/5430"
} },
} {
"name": "20020830 RE: Macromedia Shockwave Flash Malformed Header Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103072708329280&w=2"
},
{
"name": "RHSA-2003:026",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-026.html"
},
{
"name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23293",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23293"
},
{
"name": "flash-swf-header-bo(9798)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9798.php"
}
]
}
}

34
2002/0xxx/CVE-2002-0868.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0868", "ID": "CVE-2002-0868",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2002/1xxx/CVE-2002-1154.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1154", "ID": "CVE-2002-1154",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.analog.cx/security5.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.analog.cx/security5.html" "lang": "eng",
}, "value": "anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log."
{ }
"name" : "RHSA-2002:059", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2002-059.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "analog-anlgform-dos(10344)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10344.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3779", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/3779" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.analog.cx/security5.html",
"refsource": "CONFIRM",
"url": "http://www.analog.cx/security5.html"
},
{
"name": "RHSA-2002:059",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-059.html"
},
{
"name": "analog-anlgform-dos(10344)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10344.php"
},
{
"name": "3779",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3779"
}
]
}
}

140
2002/1xxx/CVE-2002-1411.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1411", "ID": "CVE-2002-1411",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020622 DPGS allows any file to be overwritten", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0265.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter."
{ }
"name" : "5081", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5081" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "dpgs-dotdot-directory-traversal(9414)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9414.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "5081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5081"
},
{
"name": "dpgs-dotdot-directory-traversal(9414)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9414.php"
},
{
"name": "20020622 DPGS allows any file to be overwritten",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0265.html"
}
]
}
}

150
2002/1xxx/CVE-2002-1467.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1467", "ID": "CVE-2002-1467",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a \"file://\" base in a web document, or (3) a relative URL from a web archive (mht file)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020808 Macromedia Flash plugin can read local files", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/286625" "lang": "eng",
}, "value": "Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a \"file://\" base in a web document, or (3) a relative URL from a web archive (mht file)."
{ }
"name" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23294", ]
"refsource" : "CONFIRM", },
"url" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23294" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5429", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5429" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "flash-same-domain-disclosure(9797)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9797.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20020808 Macromedia Flash plugin can read local files",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/286625"
},
{
"name": "flash-same-domain-disclosure(9797)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9797.php"
},
{
"name": "5429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5429"
},
{
"name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23294",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23294"
}
]
}
}

130
2002/1xxx/CVE-2002-1567.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1567", "ID": "CVE-2002-1567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020821 Apache Tomcat 4.1 Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "VULN-DEV", {
"url" : "http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script."
{ }
"name" : "http://tomcat.apache.org/security-4.html", ]
"refsource" : "CONFIRM", },
"url" : "http://tomcat.apache.org/security-4.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tomcat.apache.org/security-4.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "20020821 Apache Tomcat 4.1 Cross-Site Scripting Vulnerability",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q3/0482.html"
}
]
}
}

140
2002/1xxx/CVE-2002-1749.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1749", "ID": "CVE-2002-1749",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020211 Terminal doesn't lock after disconnect in Terminal Services", "description_data": [
"refsource" : "NTBUGTRAQ", {
"url" : "http://www.ntbugtraq.com/default.aspx?pid=36&sid=1&A2=ind0202&L=ntbugtraq&T=0&O=D&F=N&P=5224" "lang": "eng",
}, "value": "Windows 2000 Terminal Services, when using the disconnect feature of the client, does not properly lock itself if it is left idle until the screen saver activates and the user disconnects, which could allow attackers to gain administrator privileges."
{ }
"name" : "4095", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4095" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "win2k-terminal-services-unlocked(8199)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8199" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "4095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4095"
},
{
"name": "win2k-terminal-services-unlocked(8199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8199"
},
{
"name": "20020211 Terminal doesn't lock after disconnect in Terminal Services",
"refsource": "NTBUGTRAQ",
"url": "http://www.ntbugtraq.com/default.aspx?pid=36&sid=1&A2=ind0202&L=ntbugtraq&T=0&O=D&F=N&P=5224"
}
]
}
}

150
2002/2xxx/CVE-2002-2168.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2168", "ID": "CVE-2002-2168",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including function_describe_item1.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020715 Again NULL and addslashes() (now in 123tkshop)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/282404" "lang": "eng",
}, "value": "SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including function_describe_item1.inc.php."
{ }
"name" : "http://www.123tkshop.org/index.php", ]
"refsource" : "CONFIRM", },
"url" : "http://www.123tkshop.org/index.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "123tkshop-sql-injection(9582)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9582.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5244", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/5244" ]
} },
] "references": {
} "reference_data": [
} {
"name": "123tkshop-sql-injection(9582)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9582.php"
},
{
"name": "http://www.123tkshop.org/index.php",
"refsource": "CONFIRM",
"url": "http://www.123tkshop.org/index.php"
},
{
"name": "5244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5244"
},
{
"name": "20020715 Again NULL and addslashes() (now in 123tkshop)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/282404"
}
]
}
}

150
2003/0xxx/CVE-2003-0402.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0402", "ID": "CVE-2003-0402",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030526 S21SEC-020 - Vignette user enumeration", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105405880325755&w=2" "lang": "eng",
}, "value": "The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks."
{ }
"name" : "http://www.s21sec.com/en/avisos/s21sec-020-en.txt", ]
"refsource" : "MISC", },
"url" : "http://www.s21sec.com/en/avisos/s21sec-020-en.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "vignette-login-account-bruteforce(12073)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/12073.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "7691", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/7691" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20030526 S21SEC-020 - Vignette user enumeration",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105405880325755&w=2"
},
{
"name": "vignette-login-account-bruteforce(12073)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/12073.php"
},
{
"name": "7691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7691"
},
{
"name": "http://www.s21sec.com/en/avisos/s21sec-020-en.txt",
"refsource": "MISC",
"url": "http://www.s21sec.com/en/avisos/s21sec-020-en.txt"
}
]
}
}

130
2003/0xxx/CVE-2003-0885.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0885", "ID": "CVE-2003-0885",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=41253", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=41253" "lang": "eng",
}, "value": "Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack."
{ }
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286", ]
"refsource" : "CONFIRM", },
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=41253",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=41253"
}
]
}
}

130
2009/5xxx/CVE-2009-5056.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-5056", "ID": "CVE-2009-5056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.otrs.org/show_bug.cgi?id=3583", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.otrs.org/show_bug.cgi?id=3583" "lang": "eng",
}, "value": "Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list."
{ }
"name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807", ]
"refsource" : "CONFIRM", },
"url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=3583",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3583"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}

210
2012/0xxx/CVE-2012-0025.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0025", "ID": "CVE-2012-0025",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18256", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18256" "lang": "eng",
}, "value": "Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image."
{ }
"name" : "[oss-security] 20120103 Re: CVE request: libfpx \"Free_All_Memory()\" Double-Free Vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/01/03/16" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20121102 Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025)", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/02/6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=31&Itemid=31", ]
"refsource" : "MISC", }
"url" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=31&Itemid=31" ]
}, },
{ "references": {
"name" : "http://www.imagemagick.org/download/delegates/libfpx-1.3.1-1.zip", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.imagemagick.org/download/delegates/libfpx-1.3.1-1.zip" "name": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=31&Itemid=31",
}, "refsource": "MISC",
{ "url": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=31&Itemid=31"
"name" : "GLSA-201605-03", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201605-03" "name": "47322",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/47322"
"name" : "77958", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/77958" "name": "77958",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/77958"
"name" : "47246", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47246" "name": "http://www.imagemagick.org/download/delegates/libfpx-1.3.1-1.zip",
}, "refsource": "CONFIRM",
{ "url": "http://www.imagemagick.org/download/delegates/libfpx-1.3.1-1.zip"
"name" : "47322", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47322" "name": "[oss-security] 20120103 Re: CVE request: libfpx \"Free_All_Memory()\" Double-Free Vulnerability",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/01/03/16"
"name" : "libfpx-freeallmemory-code-exec(71892)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71892" "name": "47246",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/47246"
} },
} {
"name": "18256",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18256"
},
{
"name": "GLSA-201605-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201605-03"
},
{
"name": "libfpx-freeallmemory-code-exec(71892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71892"
},
{
"name": "[oss-security] 20121102 Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/02/6"
}
]
}
}

180
2012/0xxx/CVE-2012-0318.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2012-0318", "ID": "CVE-2012-0318",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262."
{ }
"name" : "http://www.movabletype.org/documentation/appendices/release-notes/513.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.movabletype.org/documentation/appendices/release-notes/513.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2423", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2423" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVN#49836527", ]
"refsource" : "JVN", }
"url" : "http://jvn.jp/en/jp/JVN49836527/index.html" ]
}, },
{ "references": {
"name" : "JVNDB-2012-000016", "reference_data": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016" "name": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html"
"name" : "52138", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52138" "name": "52138",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52138"
"name" : "1026738", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026738" "name": "DSA-2423",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2012/dsa-2423"
} },
} {
"name": "1026738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026738"
},
{
"name": "http://www.movabletype.org/documentation/appendices/release-notes/513.html",
"refsource": "CONFIRM",
"url": "http://www.movabletype.org/documentation/appendices/release-notes/513.html"
},
{
"name": "JVNDB-2012-000016",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000016"
},
{
"name": "JVN#49836527",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49836527/index.html"
}
]
}
}

170
2012/0xxx/CVE-2012-0638.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-0638", "ID": "CVE-2012-0638",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2012-03-07-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1."
{ }
"name" : "APPLE-SA-2012-03-12-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52363", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52363" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:17138", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17138" ]
}, },
{ "references": {
"name" : "48274", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48274" "name": "52363",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52363"
"name" : "48377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48377" "name": "oval:org.mitre.oval:def:17138",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17138"
} },
} {
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
}
]
}
}

170
2012/0xxx/CVE-2012-0682.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-0682", "ID": "CVE-2012-0682",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5400", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5485" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5503", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2012-07-25-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-09-12-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "APPLE-SA-2012-09-19-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
} },
} {
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}

220
2012/0xxx/CVE-2012-0869.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0869", "ID": "CVE-2012-0869",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120220 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
{ }
"name" : "20120220 Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120220 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/02/20/8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20120220 Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2012/02/20/1" ]
}, },
{ "references": {
"name" : "[oss-security] 20120223 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/02/23/2" "name": "DSA-2414",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2414"
"name" : "http://fex.rus.uni-stuttgart.de/fex.html", },
"refsource" : "CONFIRM", {
"url" : "http://fex.rus.uni-stuttgart.de/fex.html" "name": "fastfileexchange-fup-id-xss(78966)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78966"
"name" : "DSA-2414", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2414" "name": "http://fex.rus.uni-stuttgart.de/fex.html",
}, "refsource": "CONFIRM",
{ "url": "http://fex.rus.uni-stuttgart.de/fex.html"
"name" : "52085", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52085" "name": "20120220 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html"
"name" : "79420", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/79420" "name": "47971",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/47971"
"name" : "47971", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47971" "name": "[oss-security] 20120223 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/02/23/2"
"name" : "fastfileexchange-fup-id-xss(78966)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78966" "name": "[oss-security] 20120220 Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2012/02/20/1"
} },
} {
"name": "79420",
"refsource": "OSVDB",
"url": "http://osvdb.org/79420"
},
{
"name": "[oss-security] 20120220 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/8"
},
{
"name": "52085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52085"
},
{
"name": "20120220 Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html"
}
]
}
}

120
2012/1xxx/CVE-2012-1472.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1472", "ID": "CVE-2012-1472",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vmware.com/security/advisories/VMSA-2012-0002.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2012-0002.html" "lang": "eng",
} "value": "VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2012-0002.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0002.html"
}
]
}
}

210
2012/1xxx/CVE-2012-1594.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1594", "ID": "CVE-2012-1594",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120328 Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/03/28/13" "lang": "eng",
}, "value": "epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet."
{ }
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40967", ]
"refsource" : "CONFIRM", },
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40967" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-05.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-05.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6809", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6809" ]
}, },
{ "references": {
"name" : "FEDORA-2012-5243", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078770.html" "name": "http://www.wireshark.org/security/wnpa-sec-2012-05.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2012-05.html"
"name" : "52738", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52738" "name": "[oss-security] 20120328 Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/03/28/13"
"name" : "oval:org.mitre.oval:def:15244", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15244" "name": "wireshark-ieee-dos(74362)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74362"
"name" : "1026874", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026874" "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6809",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6809"
"name" : "48548", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48548" "name": "oval:org.mitre.oval:def:15244",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15244"
"name" : "wireshark-ieee-dos(74362)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74362" "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40967",
} "refsource": "CONFIRM",
] "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40967"
} },
} {
"name": "FEDORA-2012-5243",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078770.html"
},
{
"name": "52738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52738"
},
{
"name": "48548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48548"
},
{
"name": "1026874",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026874"
}
]
}
}

160
2012/3xxx/CVE-2012-3388.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3388", "ID": "CVE-2012-3388",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120717 Moodle security notifications public", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2012/07/17/1" "lang": "eng",
}, "value": "The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record."
{ }
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916", ]
"refsource" : "CONFIRM", },
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54481", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54481" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49890", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/49890" ]
}, },
{ "references": {
"name" : "moodle-cached-users-sec-bypass(76955)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76955" "name": "moodle-cached-users-sec-bypass(76955)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76955"
} },
} {
"name": "49890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49890"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916"
},
{
"name": "[oss-security] 20120717 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/07/17/1"
},
{
"name": "54481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54481"
}
]
}
}

130
2012/3xxx/CVE-2012-3847.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3847", "ID": "CVE-2012-3847",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unicode string, a different vulnerability than CVE-2012-3007."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf" "lang": "eng",
}, "value": "slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unicode string, a different vulnerability than CVE-2012-3007."
{ }
"name" : "49173", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/49173" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49173",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49173"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf"
}
]
}
}

34
2012/3xxx/CVE-2012-3929.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3929", "ID": "CVE-2012-3929",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2012/4xxx/CVE-2012-4716.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2012-4716", "ID": "CVE-2012-4716",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-160-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-160-01" "lang": "eng",
} "value": "N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-160-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-160-01"
}
]
}
}

34
2012/4xxx/CVE-2012-4764.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4764", "ID": "CVE-2012-4764",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/4xxx/CVE-2012-4980.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4980", "ID": "CVE-2012-4980",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/2xxx/CVE-2017-2092.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2092", "ID": "CVE-2017-2092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cybozu Garoon", "product_name": "Cybozu Garoon",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.0.0 to 4.2.3" "version_value": "3.0.0 to 4.2.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cybozu, Inc." "vendor_name": "Cybozu, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.cybozu.com/ja-jp/article/9555", "description_data": [
"refsource" : "MISC", {
"url" : "https://support.cybozu.com/ja-jp/article/9555" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVN#73182875", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN73182875/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96429", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96429" "lang": "eng",
} "value": "Cross-site scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9555",
"refsource": "MISC",
"url": "https://support.cybozu.com/ja-jp/article/9555"
},
{
"name": "JVN#73182875",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73182875/index.html"
},
{
"name": "96429",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96429"
}
]
}
}

170
2017/2xxx/CVE-2017-2394.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2394", "ID": "CVE-2017-2394",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207600", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207600" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207601", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207601" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207617", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207617" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201706-15", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201706-15" ]
}, },
{ "references": {
"name" : "97130", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97130" "name": "1038137",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038137"
"name" : "1038137", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038137" "name": "https://support.apple.com/HT207601",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT207601"
} },
} {
"name": "97130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97130"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

180
2017/2xxx/CVE-2017-2474.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2474", "ID": "CVE-2017-2474",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41793", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41793/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. An off-by-one error allows attackers to execute arbitrary code in a privileged context via a crafted app."
{ }
"name" : "https://support.apple.com/HT207601", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207601" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207602", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207602" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207615", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207615" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT207617", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207617" "name": "97137",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/97137"
"name" : "97137", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97137" "name": "https://support.apple.com/HT207601",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207601"
"name" : "1038138", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038138" "name": "41793",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/41793/"
} },
} {
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207602",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207602"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

140
2017/2xxx/CVE-2017-2484.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2484", "ID": "CVE-2017-2484",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"Phone\" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207617", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207617" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"Phone\" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app."
{ }
"name" : "97138", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97138" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038139", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038139" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038139",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038139"
},
{
"name": "97138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97138"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

130
2017/6xxx/CVE-2017-6067.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6067", "ID": "CVE-2017-6067",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.yiwang6.cn/Symphony-XSS1.docx", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.yiwang6.cn/Symphony-XSS1.docx" "lang": "eng",
}, "value": "Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field."
{ }
"name" : "97101", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97101" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yiwang6.cn/Symphony-XSS1.docx",
"refsource": "MISC",
"url": "https://www.yiwang6.cn/Symphony-XSS1.docx"
},
{
"name": "97101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97101"
}
]
}
}

130
2017/6xxx/CVE-2017-6099.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6099", "ID": "CVE-2017-6099",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/paypal/merchant-sdk-php/issues/129", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/paypal/merchant-sdk-php/issues/129" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter."
{ }
"name" : "96432", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96432" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96432"
},
{
"name": "https://github.com/paypal/merchant-sdk-php/issues/129",
"refsource": "MISC",
"url": "https://github.com/paypal/merchant-sdk-php/issues/129"
}
]
}
}

34
2017/6xxx/CVE-2017-6126.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6126", "ID": "CVE-2017-6126",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/6xxx/CVE-2017-6398.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6398", "ID": "CVE-2017-6398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec" "lang": "eng",
}, "value": "An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it."
{ }
"name" : "96859", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96859" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96859"
},
{
"name": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec",
"refsource": "MISC",
"url": "https://www.rapid7.com/db/modules/exploit/linux/http/trend_micro_imsva_exec"
}
]
}
}

130
2017/6xxx/CVE-2017-6490.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6490", "ID": "CVE-2017-6490",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Telaxus/EPESI/issues/167", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/Telaxus/EPESI/issues/167" "lang": "eng",
}, "value": "Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
{ }
"name" : "96955", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96955" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96955"
},
{
"name": "https://github.com/Telaxus/EPESI/issues/167",
"refsource": "CONFIRM",
"url": "https://github.com/Telaxus/EPESI/issues/167"
}
]
}
}

140
2017/7xxx/CVE-2017-7016.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7016", "ID": "CVE-2017-7016",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"afclip\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207922", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207922" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"afclip\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file."
{ }
"name" : "99882", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99882" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038951", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038951" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038951"
},
{
"name": "99882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99882"
},
{
"name": "https://support.apple.com/HT207922",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207922"
}
]
}
}

130
2017/7xxx/CVE-2017-7390.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7390", "ID": "CVE-2017-7390",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/andreas83/SocialNetwork/issues/84", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/andreas83/SocialNetwork/issues/84" "lang": "eng",
}, "value": "A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
{ }
"name" : "97312", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97312" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/andreas83/SocialNetwork/issues/84",
"refsource": "CONFIRM",
"url": "https://github.com/andreas83/SocialNetwork/issues/84"
},
{
"name": "97312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97312"
}
]
}
}

230
2017/7xxx/CVE-2017-7674.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2017-08-10T00:00:00", "DATE_PUBLIC": "2017-08-10T00:00:00",
"ID" : "CVE-2017-7674", "ID": "CVE-2017-7674",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Tomcat", "product_name": "Apache Tomcat",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.0.M1 to 9.0.0.M21" "version_value": "9.0.0.M1 to 9.0.0.M21"
}, },
{ {
"version_value" : "8.5.0 to 8.5.15" "version_value": "8.5.0 to 8.5.15"
}, },
{ {
"version_value" : "8.0.0.RC1 to 8.0.44" "version_value": "8.0.0.RC1 to 8.0.44"
}, },
{ {
"version_value" : "7.0.41 to 7.0.78" "version_value": "7.0.41 to 7.0.78"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cache Poisoning"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[announce] 20170810 [SECURITY] CVE-2017-7674 Apache Tomcat Cache Poisoning", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E" "lang": "eng",
}, "value": "The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances."
{ }
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" "lang": "eng",
}, "value": "Cache Poisoning"
{ }
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", ]
"refsource" : "CONFIRM", }
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us" ]
}, },
{ "references": {
"name" : "https://security.netapp.com/advisory/ntap-20180614-0003/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20180614-0003/" "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us",
}, "refsource": "CONFIRM",
{ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"
"name" : "DSA-3974", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3974" "name": "RHSA-2017:1801",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1801"
"name" : "RHSA-2017:3081", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3081" "name": "[announce] 20170810 [SECURITY] CVE-2017-7674 Apache Tomcat Cache Poisoning",
}, "refsource": "MLIST",
{ "url": "https://lists.apache.org/thread.html/22b4bb077502f847e2b9fcf00b96e81e734466ab459780ff73b60c0f@%3Cannounce.tomcat.apache.org%3E"
"name" : "RHSA-2017:1801", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1801" "name": "https://security.netapp.com/advisory/ntap-20180614-0003/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20180614-0003/"
"name" : "RHSA-2017:1802", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1802" "name": "100280",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/100280"
"name" : "100280", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100280" "name": "DSA-3974",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3974"
} },
} {
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html"
},
{
"name": "RHSA-2017:1802",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1802"
},
{
"name": "RHSA-2017:3081",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3081"
}
]
}
}

140
2017/7xxx/CVE-2017-7717.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7717", "ID": "CVE-2017-7717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://erpscan.io/advisories/erpscan-17-003-sap-netweaver-7-4-getuseruddielements-sql-injection/", "description_data": [
"refsource" : "MISC", {
"url" : "https://erpscan.io/advisories/erpscan-17-003-sap-netweaver-7-4-getuseruddielements-sql-injection/" "lang": "eng",
}, "value": "SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504."
{ }
"name" : "95364", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95364" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100168", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100168" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "100168",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100168"
},
{
"name": "95364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95364"
},
{
"name": "https://erpscan.io/advisories/erpscan-17-003-sap-netweaver-7-4-getuseruddielements-sql-injection/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-17-003-sap-netweaver-7-4-getuseruddielements-sql-injection/"
}
]
}
}

160
2017/7xxx/CVE-2017-7868.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7868", "ID": "CVE-2017-7868",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.icu-project.org/trac/changeset/39671", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.icu-project.org/trac/changeset/39671" "lang": "eng",
}, "value": "International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function."
{ }
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437", ]
"refsource" : "MISC", },
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3830", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3830" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201710-03", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201710-03" ]
}, },
{ "references": {
"name" : "97674", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97674" "name": "97674",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/97674"
} },
} {
"name": "http://bugs.icu-project.org/trac/changeset/39671",
"refsource": "MISC",
"url": "http://bugs.icu-project.org/trac/changeset/39671"
},
{
"name": "DSA-3830",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3830"
},
{
"name": "GLSA-201710-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-03"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437"
}
]
}
}

120
2017/7xxx/CVE-2017-7945.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7945", "ID": "CVE-2017-7945",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/84", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/84" "lang": "eng",
} "value": "The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/84",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/84"
}
]
}
}

130
2018/10xxx/CVE-2018-10477.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-10477", "ID": "CVE-2018-10477",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.0.29935" "version_value": "9.0.0.29935"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Chain Index objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5396."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787-Out-of-bounds Write"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-387", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-387" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Chain Index objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5396."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-787-Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-387",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-387"
}
]
}
}

34
2018/10xxx/CVE-2018-10708.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10708", "ID": "CVE-2018-10708",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/14xxx/CVE-2018-14387.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14387", "ID": "CVE-2018-14387",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/robiso/wondercms/issues/64", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/robiso/wondercms/issues/64" "lang": "eng",
}, "value": "An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in."
{ }
"name" : "https://www.wondercms.com/whatsnew", ]
"refsource" : "MISC", },
"url" : "https://www.wondercms.com/whatsnew" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/robiso/wondercms/issues/64",
"refsource": "MISC",
"url": "https://github.com/robiso/wondercms/issues/64"
},
{
"name": "https://www.wondercms.com/whatsnew",
"refsource": "MISC",
"url": "https://www.wondercms.com/whatsnew"
}
]
}
}

34
2018/14xxx/CVE-2018-14506.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14506", "ID": "CVE-2018-14506",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/14xxx/CVE-2018-14833.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14833", "ID": "CVE-2018-14833",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/14xxx/CVE-2018-14856.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14856", "ID": "CVE-2018-14856",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi) chip to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md" "lang": "eng",
} "value": "Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi) chip to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md",
"refsource": "MISC",
"url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14854_CVE-2018-14855_CVE-2018-14856.md"
}
]
}
}

34
2018/14xxx/CVE-2018-14996.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14996", "ID": "CVE-2018-14996",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/15xxx/CVE-2018-15362.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnerability@kaspersky.com", "ASSIGNER": "vulnerability@kaspersky.com",
"ID" : "CVE-2018-15362", "ID": "CVE-2018-15362",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "GE Proficy Cimplicity GDS", "product_name": "GE Proficy Cimplicity GDS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0 R2, 9.5, 10.0" "version_value": "9.0 R2, 9.5, 10.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XXE"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/07/klcert-18-025-general-electric-proficy-gds-xml-external-entity-xxe/", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/07/klcert-18-025-general-electric-proficy-gds-xml-external-entity-xxe/" "lang": "eng",
}, "value": "XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0"
{ }
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-340-01", ]
"refsource" : "MISC", },
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-340-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106133", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106133" "lang": "eng",
} "value": "XXE"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-340-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-340-01"
},
{
"name": "106133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106133"
},
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/07/klcert-18-025-general-electric-proficy-gds-xml-external-entity-xxe/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/07/klcert-18-025-general-electric-proficy-gds-xml-external-entity-xxe/"
}
]
}
}

120
2018/15xxx/CVE-2018-15683.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15683", "ID": "CVE-2018-15683",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in BTITeam XBTIT. The \"returnto\" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://rastating.github.io/xbtit-multiple-vulnerabilities/", "description_data": [
"refsource" : "MISC", {
"url" : "https://rastating.github.io/xbtit-multiple-vulnerabilities/" "lang": "eng",
} "value": "An issue was discovered in BTITeam XBTIT. The \"returnto\" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rastating.github.io/xbtit-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://rastating.github.io/xbtit-multiple-vulnerabilities/"
}
]
}
}

34
2018/15xxx/CVE-2018-15914.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15914", "ID": "CVE-2018-15914",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20223.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20223", "ID": "CVE-2018-20223",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/20xxx/CVE-2018-20247.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@checkpoint.com", "ASSIGNER": "cve@checkpoint.com",
"ID" : "CVE-2018-20247", "ID": "CVE-2018-20247",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Quick PDF Library", "product_name": "Foxit Quick PDF Library",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions prior to 16.12" "version_value": "All versions prior to 16.12"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121: Stack-based Buffer Overflow (3.1)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "lang": "eng",
}, "value": "In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow."
{ }
"name" : "106306", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106306" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow (3.1)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106306"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

34
2018/20xxx/CVE-2018-20503.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20503", "ID": "CVE-2018-20503",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/20xxx/CVE-2018-20584.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20584", "ID": "CVE-2018-20584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html" "lang": "eng",
}, "value": "JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format."
{ }
"name" : "https://github.com/mdadams/jasper/issues/192", ]
"refsource" : "MISC", },
"url" : "https://github.com/mdadams/jasper/issues/192" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106356", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106356" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190102 [SECURITY] [DLA 1628-1] jasper security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00003.html"
},
{
"name": "106356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106356"
},
{
"name": "https://github.com/mdadams/jasper/issues/192",
"refsource": "MISC",
"url": "https://github.com/mdadams/jasper/issues/192"
}
]
}
}

140
2018/9xxx/CVE-2018-9160.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9160", "ID": "CVE-2018-9160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44545", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44545/" "lang": "eng",
}, "value": "SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses."
{ }
"name" : "https://github.com/SickRage/SickRage/commit/8156a74a68aea930d1e1047baba8b115c3abfc44", ]
"refsource" : "MISC", },
"url" : "https://github.com/SickRage/SickRage/commit/8156a74a68aea930d1e1047baba8b115c3abfc44" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/SickRage/sickrage.github.io/blob/master/sickrage-news/CHANGES.md", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/SickRage/sickrage.github.io/blob/master/sickrage-news/CHANGES.md" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SickRage/SickRage/commit/8156a74a68aea930d1e1047baba8b115c3abfc44",
"refsource": "MISC",
"url": "https://github.com/SickRage/SickRage/commit/8156a74a68aea930d1e1047baba8b115c3abfc44"
},
{
"name": "44545",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44545/"
},
{
"name": "https://github.com/SickRage/sickrage.github.io/blob/master/sickrage-news/CHANGES.md",
"refsource": "MISC",
"url": "https://github.com/SickRage/sickrage.github.io/blob/master/sickrage-news/CHANGES.md"
}
]
}
}

34
2018/9xxx/CVE-2018-9368.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9368", "ID": "CVE-2018-9368",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/9xxx/CVE-2018-9929.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9929", "ID": "CVE-2018-9929",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }