admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:35:29 +00:00
parent d45096029e
commit 0b827463d0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3617 additions and 3617 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2002/0xxx/CVE-2002-0024.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0024", "ID": "CVE-2002-0024",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS02-005", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005" "lang": "eng",
}, "value": "File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download."
{ }
"name" : "4087", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4087" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4087",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4087"
},
{
"name": "MS02-005",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005"
}
]
}
}

140
2002/0xxx/CVE-2002-0443.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0443", "ID": "CVE-2002-0443",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020307 Windows 2000 password policy bypass possibility", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/260704" "lang": "eng",
}, "value": "Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords."
{ }
"name" : "win2k-password-bypass-policy(8402)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/8402.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4256", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4256" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "win2k-password-bypass-policy(8402)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8402.php"
},
{
"name": "20020307 Windows 2000 password policy bypass possibility",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/260704"
},
{
"name": "4256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4256"
}
]
}
}

140
2002/0xxx/CVE-2002-0457.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0457", "ID": "CVE-2002-0457",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020316 [ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/262693" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message."
{ }
"name" : "4308", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4308" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "bgguestbook-post-css(8474)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8474.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20020316 [ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/262693"
},
{
"name": "bgguestbook-post-css(8474)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8474.php"
},
{
"name": "4308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4308"
}
]
}
}

130
2002/0xxx/CVE-2002-0821.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0821", "ID": "CVE-2002-0821",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00005.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00005.html" "lang": "eng",
}, "value": "Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector."
{ }
"name" : "CLSA-2002:505", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLSA-2002:505",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00005.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00005.html"
}
]
}
}

220
2002/1xxx/CVE-2002-1151.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1151", "ID": "CVE-2002-1151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103175850925395&w=2" "lang": "eng",
}, "value": "The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains."
{ }
"name" : "http://www.kde.org/info/security/advisory-20020908-2.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.kde.org/info/security/advisory-20020908-2.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CSSA-2002-047.0", "description": [
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CLA-2002:525", ]
"refsource" : "CONECTIVA", }
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000525" ]
}, },
{ "references": {
"name" : "DSA-167", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-167" "name": "RHSA-2002:220",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2002-220.html"
"name" : "MDKSA-2002:064", },
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php" "name": "http://www.kde.org/info/security/advisory-20020908-2.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.kde.org/info/security/advisory-20020908-2.txt"
"name" : "RHSA-2002:220", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-220.html" "name": "ie-sameoriginpolicy-bypass(10039)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/10039.php"
"name" : "RHSA-2002:221", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-221.html" "name": "MDKSA-2002:064",
}, "refsource": "MANDRAKE",
{ "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php"
"name" : "5689", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5689" "name": "DSA-167",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-167"
"name" : "ie-sameoriginpolicy-bypass(10039)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10039.php" "name": "RHSA-2002:221",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2002-221.html"
"name" : "7867", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/7867" "name": "CLA-2002:525",
} "refsource": "CONECTIVA",
] "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000525"
} },
} {
"name": "5689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5689"
},
{
"name": "7867",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7867"
},
{
"name": "CSSA-2002-047.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt"
},
{
"name": "20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103175850925395&w=2"
}
]
}
}

200
2002/1xxx/CVE-2002-1396.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1396", "ID": "CVE-2002-1396",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021227 Buffer overflow in PHP \"wordwrap\" function", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104102689503192&w=2" "lang": "eng",
}, "value": "Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code."
{ }
"name" : "http://bugs.php.net/bug.php?id=20927", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.php.net/bug.php?id=20927" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ESA-20030219-003", "description": [
"refsource" : "ENGARDE", {
"url" : "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "200301-8", ]
"refsource" : "GENTOO", }
"url" : "http://www.securityfocus.com/advisories/4862" ]
}, },
{ "references": {
"name" : "MDKSA-2003:019", "reference_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019" "name": "php-wordwrap-bo(10944)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10944"
"name" : "RHSA-2003:017", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-017.html" "name": "MDKSA-2003:019",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019"
"name" : "SuSE-SA:2003:0009", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2003_009_mod_php4.html" "name": "6488",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/6488"
"name" : "6488", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6488" "name": "RHSA-2003:017",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-017.html"
"name" : "php-wordwrap-bo(10944)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10944" "name": "ESA-20030219-003",
} "refsource": "ENGARDE",
] "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html"
} },
} {
"name": "20021227 Buffer overflow in PHP \"wordwrap\" function",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104102689503192&w=2"
},
{
"name": "200301-8",
"refsource": "GENTOO",
"url": "http://www.securityfocus.com/advisories/4862"
},
{
"name": "http://bugs.php.net/bug.php?id=20927",
"refsource": "CONFIRM",
"url": "http://bugs.php.net/bug.php?id=20927"
},
{
"name": "SuSE-SA:2003:0009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_009_mod_php4.html"
}
]
}
}

180
2002/1xxx/CVE-2002-1397.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1397", "ID": "CVE-2002-1397",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020819 @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=102977465204357&w=2" "lang": "eng",
}, "value": "Vulnerability in the cash_words() function for PostgreSQL 7.2 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a large negative argument, possibly triggering an integer signedness error or buffer overflow."
{ }
"name" : "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52", ]
"refsource" : "MISC", },
"url" : "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CLA-2002:524", "description": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2003:001", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2003-001.html" ]
}, },
{ "references": {
"name" : "5497", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5497" "name": "CLA-2002:524",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524"
"name" : "8034", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/8034" "name": "20020819 @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=102977465204357&w=2"
"name" : "postgresql-cashwords-bo(9891)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9891" "name": "8034",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/8034"
} },
} {
"name": "5497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5497"
},
{
"name": "RHSA-2003:001",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-001.html"
},
{
"name": "postgresql-cashwords-bo(9891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9891"
},
{
"name": "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52",
"refsource": "MISC",
"url": "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52"
}
]
}
}

150
2002/1xxx/CVE-2002-1610.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1610", "ID": "CVE-2002-1610",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "SSRT2229", "description_data": [
"refsource" : "HP", {
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00430.html" "lang": "eng",
}, "value": "Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service."
{ }
"name" : "VU#612833", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/612833" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5599", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5599" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "tru64-ping-dos(10014)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10014" ]
} },
] "references": {
} "reference_data": [
} {
"name": "tru64-ping-dos(10014)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10014"
},
{
"name": "5599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5599"
},
{
"name": "VU#612833",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/612833"
},
{
"name": "SSRT2229",
"refsource": "HP",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00430.html"
}
]
}
}

130
2002/2xxx/CVE-2002-2230.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2230", "ID": "CVE-2002-2230",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a \".gif\" or \".jpg\" string, a variant of CVE-2002-0328."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021004 SECURITY.NNOV: ikonboard 3.1.1 CSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0069.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a \".gif\" or \".jpg\" string, a variant of CVE-2002-0328."
{ }
"name" : "ikonboard-html-image-xss(10268)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/10268.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ikonboard-html-image-xss(10268)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10268.php"
},
{
"name": "20021004 SECURITY.NNOV: ikonboard 3.1.1 CSS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0069.html"
}
]
}
}

150
2002/2xxx/CVE-2002-2273.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2273", "ID": "CVE-2002-2273",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021201 Advisory: Webster HTTP Server", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/301893" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL."
{ }
"name" : "6292", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6292" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3262", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3262" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "webster-path-name-xss(10729)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10729" ]
} },
] "references": {
} "reference_data": [
} {
"name": "6292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6292"
},
{
"name": "20021201 Advisory: Webster HTTP Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/301893"
},
{
"name": "3262",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3262"
},
{
"name": "webster-path-name-xss(10729)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10729"
}
]
}
}

180
2005/1xxx/CVE-2005-1657.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1657", "ID": "CVE-2005-1657",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "16220", "description_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16220" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml."
{ }
"name" : "16221", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/16221" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16222", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16222" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16223", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/16223" ]
}, },
{ "references": {
"name" : "16224", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16224" "name": "16225",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/16225"
"name" : "16225", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16225" "name": "16220",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/16220"
"name" : "15234", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15234" "name": "16222",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/16222"
} },
} {
"name": "15234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15234"
},
{
"name": "16223",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16223"
},
{
"name": "16221",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16221"
},
{
"name": "16224",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16224"
}
]
}
}

34
2005/1xxx/CVE-2005-1938.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-1938", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-1938",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1250. Reason: This candidate is a duplicate of CVE-2005-1250. Notes: this duplicate occurred as a result of multiple independent discoveries and insufficient coordination by the vendor and CNA. All CVE users should reference CVE-2005-1250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1250. Reason: This candidate is a duplicate of CVE-2005-1250. Notes: this duplicate occurred as a result of multiple independent discoveries and insufficient coordination by the vendor and CNA. All CVE users should reference CVE-2005-1250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

150
2005/1xxx/CVE-2005-1949.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1949", "ID": "CVE-2005-1949",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050609 Arbitrary code execution in eping plugin", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111835539312985&w=2" "lang": "eng",
}, "value": "The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter."
{ }
"name" : "20050610 Re: Arbitrary code execution in eping plugin", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=111868460811287&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://e107plugins.co.uk/news.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://e107plugins.co.uk/news.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15678", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/15678" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20050609 Arbitrary code execution in eping plugin",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111835539312985&w=2"
},
{
"name": "20050610 Re: Arbitrary code execution in eping plugin",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111868460811287&w=2"
},
{
"name": "http://e107plugins.co.uk/news.php",
"refsource": "CONFIRM",
"url": "http://e107plugins.co.uk/news.php"
},
{
"name": "15678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15678"
}
]
}
}

170
2009/1xxx/CVE-2009-1266.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1266", "ID": "CVE-2009-1266",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090417 rPSA-2009-0062-1 tshark wireshark", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/502745/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors."
{ }
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062", ]
"refsource" : "CONFIRM", },
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SR:2009:011", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34778", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/34778" ]
}, },
{ "references": {
"name" : "35416", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35416" "name": "34778",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34778"
"name" : "wireshark-unspecified(50334)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50334" "name": "SUSE-SR:2009:011",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
} },
} {
"name": "20090417 rPSA-2009-0062-1 tshark wireshark",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502745/100/0/threaded"
},
{
"name": "wireshark-unspecified(50334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50334"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0062",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0062"
}
]
}
}

190
2009/1xxx/CVE-2009-1515.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1515", "ID": "CVE-2009-1515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[file] 20090501 file 5.01 is now available", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mx.gw.com/pipermail/file/2009/000379.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603", ]
"refsource" : "MISC", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820", "description": [
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz", ]
"refsource" : "CONFIRM", }
"url" : "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz" ]
}, },
{ "references": {
"name" : "MDVSA-2009:129", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129" "name": "MDVSA-2009:129",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:129"
"name" : "34745", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34745" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603",
}, "refsource": "MISC",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603"
"name" : "54100", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/54100" "name": "34745",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34745"
"name" : "34881", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34881" "name": "[file] 20090501 file 5.01 is now available",
} "refsource": "MLIST",
] "url": "http://mx.gw.com/pipermail/file/2009/000379.html"
} },
} {
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820"
},
{
"name": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz",
"refsource": "CONFIRM",
"url": "ftp://ftp.astron.com/pub/file/file-5.01.tar.gz"
},
{
"name": "34881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34881"
},
{
"name": "54100",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/54100"
}
]
}
}

160
2009/1xxx/CVE-2009-1601.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1601", "ID": "CVE-2009-1601",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://launchpad.net/bugs/365823", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/bugs/365823" "lang": "eng",
}, "value": "The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory."
{ }
"name" : "USN-770-1", ]
"refsource" : "UBUNTU", },
"url" : "http://www.ubuntu.com/usn/USN-770-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34818", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34818" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35000", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/35000" ]
}, },
{ "references": {
"name" : "clamav-clamavmilter-security-bypass(50311)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50311" "name": "USN-770-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-770-1"
} },
} {
"name": "clamav-clamavmilter-security-bypass(50311)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50311"
},
{
"name": "https://launchpad.net/bugs/365823",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/365823"
},
{
"name": "35000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35000"
},
{
"name": "34818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34818"
}
]
}
}

120
2009/5xxx/CVE-2009-5110.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-5110", "ID": "CVE-2009-5110",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ha.ckers.org/slowloris/", "description_data": [
"refsource" : "MISC", {
"url" : "http://ha.ckers.org/slowloris/" "lang": "eng",
} "value": "dhttpd allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ha.ckers.org/slowloris/",
"refsource": "MISC",
"url": "http://ha.ckers.org/slowloris/"
}
]
}
}

190
2012/0xxx/CVE-2012-0147.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-0147", "ID": "CVE-2012-0147",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-026", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026" "lang": "eng",
}, "value": "Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka \"Unfiltered Access to UAG Default Website Vulnerability.\""
{ }
"name" : "TA12-101A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-101A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52909", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52909" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "81132", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/81132" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:15557", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557" "name": "TA12-101A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
"name" : "1026909", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026909" "name": "1026909",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026909"
"name" : "48787", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48787" "name": "MS12-026",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-026"
"name" : "ms-forefront-uag-info-disclosure(74368)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368" "name": "oval:org.mitre.oval:def:15557",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15557"
} },
} {
"name": "52909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52909"
},
{
"name": "48787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48787"
},
{
"name": "ms-forefront-uag-info-disclosure(74368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74368"
},
{
"name": "81132",
"refsource": "OSVDB",
"url": "http://osvdb.org/81132"
}
]
}
}

270
2012/0xxx/CVE-2012-0443.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0443", "ID": "CVE-2012-0443",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665578", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665578" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=684938", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=684938" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=692817", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=692817" ]
}, },
{ "references": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=695076", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=695076" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=711651",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=711651"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=696748", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=696748" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=665578",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665578"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=707051", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=707051" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=712169",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=712169"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=711651", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=711651" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=695076",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=695076"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712169", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712169" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=714600",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=714600"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712289", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=712289" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=684938",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=684938"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=713209", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=713209" "name": "oval:org.mitre.oval:def:14444",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14444"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=714600", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=714600" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=713209",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=713209"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=715662", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=715662" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=707051",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=707051"
"name" : "MDVSA-2012:013", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=696748",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=696748"
"name" : "openSUSE-SU-2012:0234", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=715662",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=715662"
"name" : "oval:org.mitre.oval:def:14444", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14444" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html",
} "refsource": "CONFIRM",
] "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html"
} },
} {
"name": "MDVSA-2012:013",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=712289",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=712289"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=692817",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=692817"
},
{
"name": "openSUSE-SU-2012:0234",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html"
}
]
}
}

170
2012/0xxx/CVE-2012-0659.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-0659", "ID": "CVE-2012-0659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5281", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5281" "lang": "eng",
}, "value": "Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file."
{ }
"name" : "http://support.apple.com/kb/HT5261", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5261" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2012-05-09-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2012-05-15-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html" ]
}, },
{ "references": {
"name" : "53445", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53445" "name": "http://support.apple.com/kb/HT5261",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5261"
"name" : "53467", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53467" "name": "53445",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/53445"
} },
} {
"name": "APPLE-SA-2012-05-15-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00005.html"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
},
{
"name": "53467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53467"
}
]
}
}

34
2012/2xxx/CVE-2012-2266.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-2266", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-2266",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

130
2012/2xxx/CVE-2012-2647.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2012-2647", "ID": "CVE-2012-2647",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#51769987", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN51769987/index.html" "lang": "eng",
}, "value": "Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page."
{ }
"name" : "JVNDB-2012-000072", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#51769987",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51769987/index.html"
},
{
"name": "JVNDB-2012-000072",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000072"
}
]
}
}

160
2012/3xxx/CVE-2012-3398.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3398", "ID": "CVE-2012-3398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120717 Moodle security notifications public", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2012/07/17/1" "lang": "eng",
}, "value": "Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records."
{ }
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126", ]
"refsource" : "CONFIRM", },
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54481", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54481" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49890", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/49890" ]
}, },
{ "references": {
"name" : "moodle-database-dos(76964)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76964" "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126",
} "refsource": "CONFIRM",
] "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126"
} },
} {
"name": "moodle-database-dos(76964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76964"
},
{
"name": "49890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49890"
},
{
"name": "[oss-security] 20120717 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/07/17/1"
},
{
"name": "54481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54481"
}
]
}
}

132
2012/3xxx/CVE-2012-3536.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-02-26T00:00:00", "DATE_PUBLIC": "2018-02-26T00:00:00",
"ID" : "CVE-2012-3536", "ID": "CVE-2012-3536",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Hupa", "product_name": "Apache Hupa",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Hupa versions prior to 0.0.3" "version_value": "Hupa versions prior to 0.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1373762", "description_data": [
"refsource" : "MISC", {
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1373762" "lang": "eng",
}, "value": "Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3."
{ }
"name" : "https://james.apache.org/hupa/index.html", ]
"refsource" : "MISC", },
"url" : "https://james.apache.org/hupa/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://james.apache.org/hupa/index.html",
"refsource": "MISC",
"url": "https://james.apache.org/hupa/index.html"
},
{
"name": "http://svn.apache.org/viewvc?view=revision&revision=1373762",
"refsource": "MISC",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1373762"
}
]
}
}

170
2012/3xxx/CVE-2012-3679.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3679", "ID": "CVE-2012-3679",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5400", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5485" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5503", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2012-07-25-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-09-12-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "APPLE-SA-2012-09-19-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
} },
} {
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}

180
2012/4xxx/CVE-2012-4025.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4025", "ID": "CVE-2012-4025",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/07/19/6" "lang": "eng",
}, "value": "Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow."
{ }
"name" : "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel", ]
"refsource" : "MISC", },
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001", "description": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201612-40", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201612-40" ]
}, },
{ "references": {
"name" : "MDVSA-2013:128", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128" "name": "[oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/07/19/6"
"name" : "54610", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54610" "name": "83899",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/83899"
"name" : "83899", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/83899" "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001",
} "refsource": "CONFIRM",
] "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0001"
} },
} {
"name": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel",
"refsource": "MISC",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel"
},
{
"name": "54610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54610"
},
{
"name": "GLSA-201612-40",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-40"
},
{
"name": "MDVSA-2013:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
}
]
}
}

180
2012/4xxx/CVE-2012-4330.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4330", "ID": "CVE-2012-4330",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120419 Vulnerabilities in Samsung TV (remote controller protocol)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0142.html" "lang": "eng",
}, "value": "The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow."
{ }
"name" : "18751", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/18751" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aluigi.org/adv/samsux_1-adv.txt", "description": [
"refsource" : "MISC", {
"url" : "http://aluigi.org/adv/samsux_1-adv.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53161", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/53161" ]
}, },
{ "references": {
"name" : "81222", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/81222" "name": "53161",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/53161"
"name" : "1026976", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026976" "name": "20120419 Vulnerabilities in Samsung TV (remote controller protocol)",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0142.html"
"name" : "samsungtv-string-dos(74928)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74928" "name": "81222",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/81222"
} },
} {
"name": "samsungtv-string-dos(74928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74928"
},
{
"name": "http://aluigi.org/adv/samsux_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/samsux_1-adv.txt"
},
{
"name": "18751",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18751"
},
{
"name": "1026976",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026976"
}
]
}
}

160
2012/4xxx/CVE-2012-4446.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4446", "ID": "CVE-2012-4446",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=851355", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=851355" "lang": "eng",
}, "value": "The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request."
{ }
"name" : "https://issues.apache.org/jira/browse/QPID-4631", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.apache.org/jira/browse/QPID-4631" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:0561", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0561.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:0562", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0562.html" ]
}, },
{ "references": {
"name" : "52516", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52516" "name": "https://issues.apache.org/jira/browse/QPID-4631",
} "refsource": "CONFIRM",
] "url": "https://issues.apache.org/jira/browse/QPID-4631"
} },
} {
"name": "RHSA-2013:0561",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0561.html"
},
{
"name": "RHSA-2013:0562",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0562.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=851355",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=851355"
},
{
"name": "52516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52516"
}
]
}
}

320
2012/4xxx/CVE-2012-4544.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4544", "ID": "CVE-2012-4544",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/10/26/3" "lang": "eng",
}, "value": "The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk."
{ }
"name" : "DSA-2636", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2013/dsa-2636" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2012-17135", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2012-17204", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html" ]
}, },
{ "references": {
"name" : "FEDORA-2012-17408", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html" "name": "SUSE-SU-2014:0470",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"
"name" : "RHSA-2013:0241", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0241.html" "name": "51071",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51071"
"name" : "SUSE-SU-2012:1486", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html" "name": "[oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/10/26/3"
"name" : "SUSE-SU-2012:1487", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html" "name": "FEDORA-2012-17408",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091832.html"
"name" : "openSUSE-SU-2012:1572", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html" "name": "51413",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51413"
"name" : "SUSE-SU-2014:0411", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html" "name": "FEDORA-2012-17204",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091844.html"
"name" : "SUSE-SU-2014:0446", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html" "name": "SUSE-SU-2012:1486",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html"
"name" : "SUSE-SU-2014:0470", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html" "name": "DSA-2636",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2636"
"name" : "openSUSE-SU-2012:1573", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html" "name": "xen-pvdomainbuilder-dos(79617)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79617"
"name" : "56289", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56289" "name": "FEDORA-2012-17135",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092050.html"
"name" : "86619", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/86619" "name": "56289",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/56289"
"name" : "1027699", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027699" "name": "1027699",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027699"
"name" : "51071", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51071" "name": "RHSA-2013:0241",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0241.html"
"name" : "51413", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51413" "name": "openSUSE-SU-2012:1572",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
"name" : "51324", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51324" "name": "86619",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/86619"
"name" : "51352", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51352" "name": "SUSE-SU-2012:1487",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html"
"name" : "xen-pvdomainbuilder-dos(79617)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79617" "name": "SUSE-SU-2014:0446",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
} },
} {
"name": "51352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51352"
},
{
"name": "51324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51324"
},
{
"name": "SUSE-SU-2014:0411",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00015.html"
},
{
"name": "openSUSE-SU-2012:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
}
]
}
}

140
2012/4xxx/CVE-2012-4836.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-4836", "ID": "CVE-2012-4836",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of stored data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is not properly handled during rendering of stored data."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "cognos-business-intel-xss(78918)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78918" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697"
},
{
"name": "cognos-business-intel-xss(78918)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78918"
}
]
}
}

34
2012/6xxx/CVE-2012-6288.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6288", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-6288",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

150
2012/6xxx/CVE-2012-6691.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6691", "ID": "CVE-2012-6691",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120404 Multiple vulnerabilities in osCmax", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) status parameter to admin/stats_monthly_sales.php or (2) country parameter in a process action to admin/create_account_process.php."
{ }
"name" : "https://www.htbridge.com/advisory/HTB23081", ]
"refsource" : "MISC", },
"url" : "https://www.htbridge.com/advisory/HTB23081" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "74753", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/74753" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://www.htbridge.com/advisory/HTB23081",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23081"
},
{
"name": "20120404 Multiple vulnerabilities in osCmax",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html"
},
{
"name": "74753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74753"
},
{
"name": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update",
"refsource": "CONFIRM",
"url": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update"
}
]
}
}

34
2017/2xxx/CVE-2017-2036.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-2036", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-2036",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/2xxx/CVE-2017-2087.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-2087", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-2087",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

130
2017/2xxx/CVE-2017-2270.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2270", "ID": "CVE-2017-2270",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Encrypted files in self-decryption format created by FileCapsule Deluxe Portable", "product_name": "Encrypted files in self-decryption format created by FileCapsule Deluxe Portable",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Ver.2.0.9 and earlier" "version_value": "Ver.2.0.9 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Tomoki Fuke" "vendor_name": "Tomoki Fuke"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://resumenext.blog.fc2.com/blog-entry-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://resumenext.blog.fc2.com/blog-entry-30.html" "lang": "eng",
}, "value": "Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.2.0.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
{ }
"name" : "JVN#42031953", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN42031953/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://resumenext.blog.fc2.com/blog-entry-30.html",
"refsource": "CONFIRM",
"url": "http://resumenext.blog.fc2.com/blog-entry-30.html"
},
{
"name": "JVN#42031953",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN42031953/index.html"
}
]
}
}

34
2017/2xxx/CVE-2017-2754.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-2754", "ID": "CVE-2017-2754",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/2xxx/CVE-2017-2969.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-2969", "ID": "CVE-2017-2969",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Campaign 16.4 Build 8724 and earlier.", "product_name": "Adobe Campaign 16.4 Build 8724 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Campaign 16.4 Build 8724 and earlier." "version_value": "Adobe Campaign 16.4 Build 8724 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting (XSS)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/campaign/apsb17-03.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/campaign/apsb17-03.html" "lang": "eng",
}, "value": "Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability."
{ }
"name" : "96200", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96200" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/campaign/apsb17-03.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/campaign/apsb17-03.html"
},
{
"name": "96200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96200"
}
]
}
}

180
2017/6xxx/CVE-2017-6517.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6517", "ID": "CVE-2017-6517",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20170316 Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Mar/44" "lang": "eng",
}, "value": "Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded by Skype. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge.The specific flaw exists within the handling of DLL (api-ms-win-core-winrt-string-l1-1-0.dll) loading by the Skype.exe process."
{ }
"name" : "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://twitter.com/tiger_tigerboy/status/755332687141883904", "description": [
"refsource" : "MISC", {
"url" : "https://twitter.com/tiger_tigerboy/status/755332687141883904" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://twitter.com/vysecurity/status/845013670103003138", ]
"refsource" : "MISC", }
"url" : "https://twitter.com/vysecurity/status/845013670103003138" ]
}, },
{ "references": {
"name" : "https://technet.microsoft.com/security/cc308575.aspx", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://technet.microsoft.com/security/cc308575.aspx" "name": "20170316 Skype Insecure Library Loading Vulnerability (api-ms-win-core-winrt-string-l1-1-0.dll)",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2017/Mar/44"
"name" : "96969", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96969" "name": "https://twitter.com/tiger_tigerboy/status/755332687141883904",
}, "refsource": "MISC",
{ "url": "https://twitter.com/tiger_tigerboy/status/755332687141883904"
"name" : "1038209", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038209" "name": "https://twitter.com/vysecurity/status/845013670103003138",
} "refsource": "MISC",
] "url": "https://twitter.com/vysecurity/status/845013670103003138"
} },
} {
"name": "96969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96969"
},
{
"name": "1038209",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038209"
},
{
"name": "https://technet.microsoft.com/security/cc308575.aspx",
"refsource": "CONFIRM",
"url": "https://technet.microsoft.com/security/cc308575.aspx"
},
{
"name": "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/141650/Skype-7.16.0.102-DLL-Hijacking.html"
}
]
}
}

140
2017/6xxx/CVE-2017-6746.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6746", "ID": "CVE-2017-6746",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Web Security Appliance", "product_name": "Cisco Web Security Appliance",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Web Security Appliance" "version_value": "Cisco Web Security Appliance"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection and Privilege Escalation Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1" "lang": "eng",
}, "value": "A vulnerability in the web interface of the Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform command injection and elevate privileges to root. The attacker must authenticate with valid administrator credentials. Affected Products: Cisco AsyncOS Software 10.0 and later for WSA on both virtual and hardware appliances. More Information: CSCvd88862. Known Affected Releases: 10.1.0-204. Known Fixed Releases: 10.5.1-270 10.1.1-235."
{ }
"name" : "99877", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99877" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038948", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038948" "lang": "eng",
} "value": "Command Injection and Privilege Escalation Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99877"
},
{
"name": "1038948",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038948"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa1"
}
]
}
}

140
2018/11xxx/CVE-2018-11512.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11512", "ID": "CVE-2018-11512",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stored cross-site scripting (XSS) vulnerability in the \"Website's name\" field found in the \"Settings\" page under the \"General\" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44790", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44790/" "lang": "eng",
}, "value": "Stored cross-site scripting (XSS) vulnerability in the \"Website's name\" field found in the \"Settings\" page under the \"General\" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general."
{ }
"name" : "https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44", ]
"refsource" : "MISC", },
"url" : "https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/Creatiwity/wityCMS/issues/150", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/Creatiwity/wityCMS/issues/150" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44",
"refsource": "MISC",
"url": "https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44"
},
{
"name": "44790",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44790/"
},
{
"name": "https://github.com/Creatiwity/wityCMS/issues/150",
"refsource": "MISC",
"url": "https://github.com/Creatiwity/wityCMS/issues/150"
}
]
}
}

130
2018/11xxx/CVE-2018-11938.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11938", "ID": "CVE-2018-11938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130" "version_value": "IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in Trusted Application Environment"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.qualcomm.com/company/product-security/bulletins", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.qualcomm.com/company/product-security/bulletins" "lang": "eng",
}, "value": "Improper input validation for argument received from HLOS can lead to buffer overflows and unexpected behavior in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130."
{ }
"name" : "106845", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106845" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in Trusted Application Environment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "106845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106845"
}
]
}
}

130
2018/14xxx/CVE-2018-14009.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14009", "ID": "CVE-2018-14009",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Codiad/Codiad/issues/1078", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Codiad/Codiad/issues/1078" "lang": "eng",
}, "value": "Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689."
{ }
"name" : "https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit", ]
"refsource" : "MISC", },
"url" : "https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit",
"refsource": "MISC",
"url": "https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit"
},
{
"name": "https://github.com/Codiad/Codiad/issues/1078",
"refsource": "MISC",
"url": "https://github.com/Codiad/Codiad/issues/1078"
}
]
}
}

34
2018/14xxx/CVE-2018-14841.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14841", "ID": "CVE-2018-14841",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/14xxx/CVE-2018-14866.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14866", "ID": "CVE-2018-14866",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15049.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15049", "ID": "CVE-2018-15049",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/15xxx/CVE-2018-15539.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15539", "ID": "CVE-2018-15539",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181011 Cockpit CMS Multiple Vulnerabilities (CVE-2018-15538, CVE-2018-15539, CVE-2018-15540)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/Oct/30" "lang": "eng",
} "value": "Agentejo Cockpit lacks an anti-CSRF protection mechanism. Thus, an attacker is able to change API tokens, passwords, etc."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181011 Cockpit CMS Multiple Vulnerabilities (CVE-2018-15538, CVE-2018-15539, CVE-2018-15540)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Oct/30"
}
]
}
}

186
2018/15xxx/CVE-2018-15754.json
View File

@ -1,95 +1,95 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@dell.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-12-10T00:00:00.000Z", "DATE_PUBLIC": "2018-12-10T00:00:00.000Z",
"ID" : "CVE-2018-15754", "ID": "CVE-2018-15754",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "UAA can issue tokens across identity providers if users with matching usernames exist" "TITLE": "UAA can issue tokens across identity providers if users with matching usernames exist"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "UAA Release", "product_name": "UAA Release",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "60", "version_name": "60",
"version_value" : "66.0" "version_value": "66.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cloud Foundry" "vendor_name": "Cloud Foundry"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 4.2,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authentication"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.cloudfoundry.org/blog/cve-2018-15754", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.cloudfoundry.org/blog/cve-2018-15754" "lang": "eng",
}, "value": "Cloud Foundry UAA, versions 60 prior to 66.0, contain an authorization logic error. In environments with multiple identity providers that contain accounts across identity providers with the same username, a remote authenticated user with access to one of these accounts may be able to obtain a token for an account of the same username in the other identity provider."
{ }
"name" : "https://www.cloudfoundry.org/blog/cve-2018-15754/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.cloudfoundry.org/blog/cve-2018-15754/" "impact": {
}, "cvss": {
{ "attackComplexity": "HIGH",
"name" : "106240", "attackVector": "NETWORK",
"refsource" : "BID", "availabilityImpact": "NONE",
"url" : "http://www.securityfocus.com/bid/106240" "baseScore": 4.2,
} "baseSeverity": "MEDIUM",
] "confidentialityImpact": "LOW",
}, "integrityImpact": "LOW",
"source" : { "privilegesRequired": "LOW",
"discovery" : "UNKNOWN" "scope": "UNCHANGED",
} "userInteraction": "NONE",
} "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106240"
},
{
"name": "https://www.cloudfoundry.org/blog/cve-2018-15754/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2018-15754/"
},
{
"name": "https://www.cloudfoundry.org/blog/cve-2018-15754",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2018-15754"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

140
2018/15xxx/CVE-2018-15926.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-15926", "ID": "CVE-2018-15926",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader", "product_name": "Adobe Acrobat and Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "105439", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105439" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041809", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041809" "lang": "eng",
} "value": "Out-of-bounds read"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "105439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105439"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
}
]
}
}

34
2018/20xxx/CVE-2018-20080.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20080", "ID": "CVE-2018-20080",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/20xxx/CVE-2018-20186.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20186", "ID": "CVE-2018-20186",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/axiomatic-systems/Bento4/issues/342", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/axiomatic-systems/Bento4/issues/342" "lang": "eng",
} "value": "An issue was discovered in Bento4 1.5.1-627. AP4_Sample::ReadData in Core/Ap4Sample.cpp allows attackers to trigger an attempted excessive memory allocation, related to AP4_DataBuffer::SetDataSize and AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/axiomatic-systems/Bento4/issues/342",
"refsource": "MISC",
"url": "https://github.com/axiomatic-systems/Bento4/issues/342"
}
]
}
}

142
2018/20xxx/CVE-2018-20252.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@checkpoint.com", "ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC" : "2019-02-05T00:00:00", "DATE_PUBLIC": "2019-02-05T00:00:00",
"ID" : "CVE-2018-20252", "ID": "CVE-2018-20252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WinRAR", "product_name": "WinRAR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions prior and including 5.60" "version_value": "All versions prior and including 5.60"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Check Point Software Technologies Ltd." "vendor_name": "Check Point Software Technologies Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787: Out-of-bounds Write"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.win-rar.com/whatsnew.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.win-rar.com/whatsnew.html" "lang": "eng",
}, "value": "In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "https://research.checkpoint.com/extracting-code-execution-from-winrar/", ]
"refsource" : "MISC", },
"url" : "https://research.checkpoint.com/extracting-code-execution-from-winrar/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106948", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106948" "lang": "eng",
} "value": "CWE-787: Out-of-bounds Write"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
},
{
"name": "106948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106948"
},
{
"name": "https://www.win-rar.com/whatsnew.html",
"refsource": "MISC",
"url": "https://www.win-rar.com/whatsnew.html"
}
]
}
}

120
2018/20xxx/CVE-2018-20441.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20441", "ID": "CVE-2018-20441",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html" "lang": "eng",
} "value": "Technicolor TC7200.TH2v2 SC05.00.22 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html",
"refsource": "MISC",
"url": "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html"
}
]
}
}

160
2018/9xxx/CVE-2018-9263.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9263", "ID": "CVE-2018-9263",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html" "lang": "eng",
}, "value": "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. This was addressed in epan/dissectors/packet-kerberos.c by ensuring a nonzero key length."
{ }
"name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576", "description": [
"refsource" : "MISC", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0", ]
"refsource" : "MISC", }
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0" ]
}, },
{ "references": {
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-23.html", "reference_data": [
"refsource" : "MISC", {
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-23.html" "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0",
} "refsource": "MISC",
] "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0"
} },
} {
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-23.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-23.html"
},
{
"name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
},
{
"name": "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html"
}
]
}
}

34
2018/9xxx/CVE-2018-9623.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9623", "ID": "CVE-2018-9623",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }