admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:19:01 +00:00
parent fad7354c50
commit 0c157b19f6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 3969 additions and 3969 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/0xxx/CVE-2002-0140.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0140", "ID": "CVE-2002-0140",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020120 dnrd 2.10 dos", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/251619" "lang": "eng",
}, "value": "Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions."
{ }
"name" : "3928", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3928" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "dnrd-dns-dos(7957)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7957.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "dnrd-dns-dos(7957)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7957.php"
},
{
"name": "3928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3928"
},
{
"name": "20020120 dnrd 2.10 dos",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/251619"
}
]
}
}

160
2002/0xxx/CVE-2002-0175.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0175", "ID": "CVE-2002-0175",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the \"'\" and \"I\" characters, which are implemented in libc but not libsafe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020320 Bypassing libsafe format string protection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/263121" "lang": "eng",
}, "value": "libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the \"'\" and \"I\" characters, which are implemented in libc but not libsafe."
{ }
"name" : "20020320 [VulnWatch] Bypassing libsafe format string protection", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2002:026", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4326", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4326" ]
}, },
{ "references": {
"name" : "libsafe-flagchar-protection-bypass(8593)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8593.php" "name": "libsafe-flagchar-protection-bypass(8593)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/8593.php"
} },
} {
"name": "20020320 [VulnWatch] Bypassing libsafe format string protection",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html"
},
{
"name": "20020320 Bypassing libsafe format string protection",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/263121"
},
{
"name": "4326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4326"
},
{
"name": "MDKSA-2002:026",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php"
}
]
}
}

150
2002/0xxx/CVE-2002-0546.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0546", "ID": "CVE-2002-0546",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020403 Winamp: Mp3 file can control the minibrowser", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file."
{ }
"name" : "20020403 Re: Winamp: Mp3 file can control the minibrowser", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "winamp-mp3-browser-css(8753)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8753.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4414", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4414" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20020403 Re: Winamp: Mp3 file can control the minibrowser",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html"
},
{
"name": "20020403 Winamp: Mp3 file can control the minibrowser",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html"
},
{
"name": "winamp-mp3-browser-css(8753)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8753.php"
},
{
"name": "4414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4414"
}
]
}
}

150
2002/0xxx/CVE-2002-0829.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0829", "ID": "CVE-2002-0829",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FreeBSD-SA-02:35.ffs", "description_data": [
"refsource" : "FREEBSD", {
"url" : "http://marc.info/?l=bugtraq&m=102865404413458&w=2" "lang": "eng",
}, "value": "Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system."
{ }
"name" : "freebsd-ffs-integer-overflow(9771)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/9771.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5399", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5399" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5073", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/5073" ]
} },
] "references": {
} "reference_data": [
} {
"name": "5399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5399"
},
{
"name": "FreeBSD-SA-02:35.ffs",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq&m=102865404413458&w=2"
},
{
"name": "5073",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5073"
},
{
"name": "freebsd-ffs-integer-overflow(9771)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9771.php"
}
]
}
}

140
2002/0xxx/CVE-2002-0912.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0912", "ID": "CVE-2002-0912",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-129", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-129" "lang": "eng",
}, "value": "in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other operating systems, does not properly terminate long strings, which allows remote attackers to cause a denial of service, possibly due to a buffer overflow."
{ }
"name" : "debian-in-uucpd-dos(9230)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/9230.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4910", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4910" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "DSA-129",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-129"
},
{
"name": "debian-in-uucpd-dos(9230)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9230.php"
},
{
"name": "4910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4910"
}
]
}
}

140
2002/1xxx/CVE-2002-1019.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1019", "ID": "CVE-2002-1019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd)", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html" "lang": "eng",
}, "value": "The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp."
{ }
"name" : "20020712 Vulnerability found: The Adobe eBook Library", ]
"refsource" : "VULN-DEV", },
"url" : "http://marc.info/?l=vuln-dev&m=102649215618643&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20020712 Vulnerability found: The Adobe eBook Library", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=vuln-dev&m=102650064028760&w=2" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20020712 [VulnWatch] Vulnerability found: The Adobe eBook Library (fwd)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0020.html"
},
{
"name": "20020712 Vulnerability found: The Adobe eBook Library",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=vuln-dev&m=102650064028760&w=2"
},
{
"name": "20020712 Vulnerability found: The Adobe eBook Library",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=102649215618643&w=2"
}
]
}
}

140
2002/1xxx/CVE-2002-1082.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1082", "ID": "CVE-2002-1082",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020725 [VulnWatch] ezContents multiple vulnerabilities", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html" "lang": "eng",
}, "value": "The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded."
{ }
"name" : "20020725 ezContents multiple vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://online.securityfocus.com/archive/1/284229" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ezcontents-image-file-upload(9698)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9698.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20020725 ezContents multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/284229"
},
{
"name": "20020725 [VulnWatch] ezContents multiple vulnerabilities",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html"
},
{
"name": "ezcontents-image-file-upload(9698)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9698.php"
}
]
}
}

180
2002/1xxx/CVE-2002-1380.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1380", "ID": "CVE-2002-1380",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-336", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-336" "lang": "eng",
}, "value": "Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface."
{ }
"name" : "ESA-20030318-009", ]
"refsource" : "ENGARDE", },
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2003:039", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2003:088", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2003-088.html" ]
}, },
{ "references": {
"name" : "2002-0083", "reference_data": [
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt" "name": "DSA-336",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2003/dsa-336"
"name" : "6420", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6420" "name": "RHSA-2003:088",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-088.html"
"name" : "linux-protread-mmap-dos(10884)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10884" "name": "ESA-20030318-009",
} "refsource": "ENGARDE",
] "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html"
} },
} {
"name": "6420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6420"
},
{
"name": "MDKSA-2003:039",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039"
},
{
"name": "linux-protread-mmap-dos(10884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10884"
},
{
"name": "2002-0083",
"refsource": "TRUSTIX",
"url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt"
}
]
}
}

120
2002/1xxx/CVE-2002-1474.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1474", "ID": "CVE-2002-1474",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "SSRT-547", "description_data": [
"refsource" : "COMPAQ", {
"url" : "http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html" "lang": "eng",
} "value": "Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0a allows remote attackers to cause a denial of service."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT-547",
"refsource": "COMPAQ",
"url": "http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html"
}
]
}
}

170
2002/1xxx/CVE-2002-1510.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1510", "ID": "CVE-2002-1510",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CLA-2002:533", "description_data": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533" "lang": "eng",
}, "value": "xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist."
{ }
"name" : "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG", ]
"refsource" : "MISC", },
"url" : "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2003:064", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-064.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2003:065", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2003-065.html" ]
}, },
{ "references": {
"name" : "55602", "reference_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602" "name": "CLA-2002:533",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533"
"name" : "xfree86-xdm-unauth-access(11389)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/11389.php" "name": "RHSA-2003:064",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html"
} },
} {
"name": "RHSA-2003:065",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-065.html"
},
{
"name": "55602",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602"
},
{
"name": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG",
"refsource": "MISC",
"url": "http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG"
},
{
"name": "xfree86-xdm-unauth-access(11389)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11389.php"
}
]
}
}

140
2002/1xxx/CVE-2002-1790.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1790", "ID": "CVE-2002-1790",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020712 Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/281914" "lang": "eng",
}, "value": "The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682."
{ }
"name" : "5213", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5213" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "iis-smtp-mail-relay(9580)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9580.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20020712 Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsulated SMTP Address Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/281914"
},
{
"name": "iis-smtp-mail-relay(9580)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9580.php"
},
{
"name": "5213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5213"
}
]
}
}

150
2002/2xxx/CVE-2002-2055.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2055", "ID": "CVE-2002-2055",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com", "description_data": [
"refsource" : "VULN-DEV", {
"url" : "http://marc.info/?l=vuln-dev&m=102313697923798&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Tracking Online 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
{ }
"name" : "http://www.ifrance.com/kitetoua/tuto/Teekai.txt", ]
"refsource" : "MISC", },
"url" : "http://www.ifrance.com/kitetoua/tuto/Teekai.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4924", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4924" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "teekais-tracking-xss(9284)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9284.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.ifrance.com/kitetoua/tuto/Teekai.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/Teekai.txt"
},
{
"name": "20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=102313697923798&w=2"
},
{
"name": "teekais-tracking-xss(9284)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9284.php"
},
{
"name": "4924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4924"
}
]
}
}

170
2003/0xxx/CVE-2003-0046.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0046", "ID": "CVE-2003-0046",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104386492422014&w=2" "lang": "eng",
}, "value": "AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."
{ }
"name" : "http://www.idefense.com/advisory/01.28.03.txt", ]
"refsource" : "MISC", },
"url" : "http://www.idefense.com/advisory/01.28.03.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.celestialsoftware.net/telnet/beta_software.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.celestialsoftware.net/telnet/beta_software.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "6725", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/6725" ]
}, },
{ "references": {
"name" : "7686", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/7686" "name": "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=104386492422014&w=2"
"name" : "1006013", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1006013" "name": "http://www.celestialsoftware.net/telnet/beta_software.html",
} "refsource": "CONFIRM",
] "url": "http://www.celestialsoftware.net/telnet/beta_software.html"
} },
} {
"name": "7686",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7686"
},
{
"name": "1006013",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1006013"
},
{
"name": "6725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6725"
},
{
"name": "http://www.idefense.com/advisory/01.28.03.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/01.28.03.txt"
}
]
}
}

170
2003/0xxx/CVE-2003-0462.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0462", "ID": "CVE-2003-0462",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "RHSA-2003:198", "description_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html" "lang": "eng",
}, "value": "A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)."
{ }
"name" : "RHSA-2003:238", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-358", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-358" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-423", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2004/dsa-423" ]
}, },
{ "references": {
"name" : "RHSA-2003:239", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html" "name": "RHSA-2003:238",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html"
"name" : "oval:org.mitre.oval:def:309", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309" "name": "DSA-423",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2004/dsa-423"
} },
} {
"name": "RHSA-2003:198",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-198.html"
},
{
"name": "RHSA-2003:239",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-239.html"
},
{
"name": "oval:org.mitre.oval:def:309",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309"
},
{
"name": "DSA-358",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-358"
}
]
}
}

130
2003/0xxx/CVE-2003-0578.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0578", "ID": "CVE-2003-0578",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html" "lang": "eng",
}, "value": "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files."
{ }
"name" : "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=105839150004682&w=2" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105839150004682&w=2"
},
{
"name": "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html"
}
]
}
}

34
2003/0xxx/CVE-2003-0716.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0716", "ID": "CVE-2003-0716",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2009/5xxx/CVE-2009-5126.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-5126", "ID": "CVE-2009-5126",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Antivirus component in Comodo Internet Security before 3.8.65951.477 allows remote attackers to cause a denial of service (application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://personalfirewall.comodo.com/release_notes.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://personalfirewall.comodo.com/release_notes.html" "lang": "eng",
} "value": "The Antivirus component in Comodo Internet Security before 3.8.65951.477 allows remote attackers to cause a denial of service (application crash) via a crafted file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://personalfirewall.comodo.com/release_notes.html",
"refsource": "CONFIRM",
"url": "http://personalfirewall.comodo.com/release_notes.html"
}
]
}
}

140
2012/0xxx/CVE-2012-0200.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-0200", "ID": "CVE-2012-0200",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg27021052", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg27021052" "lang": "eng",
}, "value": "The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition."
{ }
"name" : "IC81244", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81244" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "soliddb-redundant-where-dos(73126)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73126" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "soliddb-redundant-where-dos(73126)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73126"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg27021052",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg27021052"
},
{
"name": "IC81244",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81244"
}
]
}
}

150
2012/0xxx/CVE-2012-0429.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0429", "ID": "CVE-2012-0429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.novell.com/support/kb/doc.php?id=3426981", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/kb/doc.php?id=3426981" "lang": "eng",
}, "value": "dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote authenticated users to cause a denial of service (daemon crash) via crafted characters in an HTTP request."
{ }
"name" : "http://www.novell.com/support/kb/doc.php?id=7011533", ]
"refsource" : "CONFIRM", },
"url" : "http://www.novell.com/support/kb/doc.php?id=7011533" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=772895", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=772895" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1027912", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1027912" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1027912",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027912"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011533",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011533"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=772895",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772895"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
}
]
}
}

130
2012/0xxx/CVE-2012-0688.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0688", "ID": "CVE-2012-0688",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp", ]
"refsource" : "CONFIRM", },
"url" : "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"name": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
}
]
}
}

140
2012/1xxx/CVE-2012-1018.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1018", "ID": "CVE-2012-1018",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dl.packetstormsecurity.net/1202-exploits/joomlacurrencyconverter-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://dl.packetstormsecurity.net/1202-exploits/joomlacurrencyconverter-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter."
{ }
"name" : "51804", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51804" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "currencyconverter-convert-xss(72917)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72917" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://dl.packetstormsecurity.net/1202-exploits/joomlacurrencyconverter-xss.txt",
"refsource": "MISC",
"url": "http://dl.packetstormsecurity.net/1202-exploits/joomlacurrencyconverter-xss.txt"
},
{
"name": "currencyconverter-convert-xss(72917)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72917"
},
{
"name": "51804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51804"
}
]
}
}

170
2012/1xxx/CVE-2012-1244.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2012-1244", "ID": "CVE-2012-1244",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#82029095", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN82029095/index.html" "lang": "eng",
}, "value": "The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "JVNDB-2012-000037", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53254", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53254" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "81629", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/81629" ]
}, },
{ "references": {
"name" : "48955", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48955" "name": "spmode-android-ssl-spoofing(75159)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75159"
"name" : "spmode-android-ssl-spoofing(75159)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75159" "name": "53254",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/53254"
} },
} {
"name": "JVN#82029095",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN82029095/index.html"
},
{
"name": "48955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48955"
},
{
"name": "81629",
"refsource": "OSVDB",
"url": "http://osvdb.org/81629"
},
{
"name": "JVNDB-2012-000037",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000037"
}
]
}
}

150
2012/1xxx/CVE-2012-1422.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1422", "ID": "CVE-2012-1422",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/522005" "lang": "eng",
}, "value": "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
{ }
"name" : "http://www.ieee-security.org/TC/SP2012/program.html", ]
"refsource" : "MISC", },
"url" : "http://www.ieee-security.org/TC/SP2012/program.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52583", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52583" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "80409", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/80409" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80409",
"refsource": "OSVDB",
"url": "http://osvdb.org/80409"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "52583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52583"
}
]
}
}

140
2012/1xxx/CVE-2012-1774.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1774", "ID": "CVE-2012-1774",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://player.gomlab.com/eng/download/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://player.gomlab.com/eng/download/" "lang": "eng",
}, "value": "Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264."
{ }
"name" : "80203", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/80203" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "gommediaplayer-openurl-unspecified(74120)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74120" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "80203",
"refsource": "OSVDB",
"url": "http://osvdb.org/80203"
},
{
"name": "http://player.gomlab.com/eng/download/",
"refsource": "CONFIRM",
"url": "http://player.gomlab.com/eng/download/"
},
{
"name": "gommediaplayer-openurl-unspecified(74120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74120"
}
]
}
}

140
2012/1xxx/CVE-2012-1898.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1898", "ID": "CVE-2012-1898",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters."
{ }
"name" : "http://www.webapp-security.com/2012/03/wolfcms/", ]
"refsource" : "MISC", },
"url" : "http://www.webapp-security.com/2012/03/wolfcms/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt",
"refsource": "MISC",
"url": "http://www.webapp-security.com/wp-content/uploads/2012/03/Wolfcms-0.75-Multiple-Vulnerabilities-CSRF-XSS.txt"
},
{
"name": "http://www.webapp-security.com/2012/03/wolfcms/",
"refsource": "MISC",
"url": "http://www.webapp-security.com/2012/03/wolfcms/"
},
{
"name": "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111116/Wolfcms-0.75-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
}
]
}
}

250
2012/3xxx/CVE-2012-3426.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3426", "ID": "CVE-2012-3426",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/07/27/4" "lang": "eng",
}, "value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password."
{ }
"name" : "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa", ]
"refsource" : "CONFIRM", },
"url" : "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355", "description": [
"refsource" : "CONFIRM", {
"url" : "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626", ]
"refsource" : "CONFIRM", }
"url" : "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626" ]
}, },
{ "references": {
"name" : "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d" "name": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454",
}, "refsource": "CONFIRM",
{ "url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
"name" : "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454", },
"refsource" : "CONFIRM", {
"url" : "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454" "name": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa",
}, "refsource": "CONFIRM",
{ "url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
"name" : "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de", },
"refsource" : "CONFIRM", {
"url" : "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de" "name": "https://bugs.launchpad.net/keystone/+bug/998185",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.launchpad.net/keystone/+bug/998185"
"name" : "https://bugs.launchpad.net/keystone/+bug/996595", },
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/keystone/+bug/996595" "name": "https://bugs.launchpad.net/keystone/+bug/997194",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.launchpad.net/keystone/+bug/997194"
"name" : "https://bugs.launchpad.net/keystone/+bug/997194", },
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/keystone/+bug/997194" "name": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz",
}, "refsource": "CONFIRM",
{ "url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
"name" : "https://bugs.launchpad.net/keystone/+bug/998185", },
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/keystone/+bug/998185" "name": "50494",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50494"
"name" : "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz", },
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz" "name": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de",
}, "refsource": "CONFIRM",
{ "url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
"name" : "USN-1552-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1552-1" "name": "https://bugs.launchpad.net/keystone/+bug/996595",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.launchpad.net/keystone/+bug/996595"
"name" : "50045", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50045" "name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
"name" : "50494", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50494" "name": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626",
} "refsource": "CONFIRM",
] "url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
} },
} {
"name": "USN-1552-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"name": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355",
"refsource": "CONFIRM",
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"name": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d",
"refsource": "CONFIRM",
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"name": "50045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50045"
}
]
}
}

150
2012/3xxx/CVE-2012-3465.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3465", "ID": "CVE-2012-3465",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[rubyonrails-security] 20120810 XSS Vulnerability in strip_tags", "description_data": [
"refsource" : "MLIST", {
"url" : "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup."
{ }
"name" : "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/", ]
"refsource" : "CONFIRM", },
"url" : "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:0154", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0154.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "50694", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/50694" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/"
},
{
"name": "50694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50694"
},
{
"name": "RHSA-2013:0154",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
},
{
"name": "[rubyonrails-security] 20120810 XSS Vulnerability in strip_tags",
"refsource": "MLIST",
"url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain"
}
]
}
}

34
2012/3xxx/CVE-2012-3942.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3942", "ID": "CVE-2012-3942",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2012/4xxx/CVE-2012-4066.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4066", "ID": "CVE-2012-4066",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08" "lang": "eng",
} "value": "The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08",
"refsource": "CONFIRM",
"url": "http://www.eucalyptus.com/eucalyptus-cloud/security/esa-08"
}
]
}
}

240
2012/4xxx/CVE-2012-4293.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4293", "ID": "CVE-2012-4293",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/plugins/ethercat/packet-ecatmb.c?r1=43149&r2=43148&pathrev=43149", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/plugins/ethercat/packet-ecatmb.c?r1=43149&r2=43148&pathrev=43149" "lang": "eng",
}, "value": "plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet."
{ }
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43149", ]
"refsource" : "CONFIRM", },
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43149" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-22.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-22.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7562", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7562" ]
}, },
{ "references": {
"name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" "name": "55035",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55035"
"name" : "GLSA-201308-05", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7562",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7562"
"name" : "openSUSE-SU-2012:1067", },
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/15514562" "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43149",
}, "refsource": "CONFIRM",
{ "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=43149"
"name" : "openSUSE-SU-2012:1035", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" "name": "54425",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54425"
"name" : "55035", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55035" "name": "http://anonsvn.wireshark.org/viewvc/trunk/plugins/ethercat/packet-ecatmb.c?r1=43149&r2=43148&pathrev=43149",
}, "refsource": "CONFIRM",
{ "url": "http://anonsvn.wireshark.org/viewvc/trunk/plugins/ethercat/packet-ecatmb.c?r1=43149&r2=43148&pathrev=43149"
"name" : "oval:org.mitre.oval:def:15527", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15527" "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3",
}, "refsource": "CONFIRM",
{ "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3"
"name" : "51363", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51363" "name": "GLSA-201308-05",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
"name" : "50276", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50276" "name": "oval:org.mitre.oval:def:15527",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15527"
"name" : "54425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54425" "name": "51363",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/51363"
} },
} {
"name": "http://www.wireshark.org/security/wnpa-sec-2012-22.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2012-22.html"
},
{
"name": "openSUSE-SU-2012:1035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html"
},
{
"name": "50276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50276"
},
{
"name": "openSUSE-SU-2012:1067",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15514562"
}
]
}
}

170
2012/4xxx/CVE-2012-4492.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4492", "ID": "CVE-2012-4492",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121004 CVE Request for Drupal Contributed Modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/10/04/6" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors to the (1) report or (2) Custom Services List page."
{ }
"name" : "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/10/07/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1719392", "description": [
"refsource" : "MISC", {
"url" : "http://drupal.org/node/1719392" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://drupal.org/node/1719306", ]
"refsource" : "CONFIRM", }
"url" : "https://drupal.org/node/1719306" ]
}, },
{ "references": {
"name" : "https://drupal.org/node/1719310", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://drupal.org/node/1719310" "name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
"name" : "54911", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54911" "name": "https://drupal.org/node/1719310",
} "refsource": "CONFIRM",
] "url": "https://drupal.org/node/1719310"
} },
} {
"name": "http://drupal.org/node/1719392",
"refsource": "MISC",
"url": "http://drupal.org/node/1719392"
},
{
"name": "https://drupal.org/node/1719306",
"refsource": "CONFIRM",
"url": "https://drupal.org/node/1719306"
},
{
"name": "54911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54911"
},
{
"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
}
]
}
}

160
2012/4xxx/CVE-2012-4511.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4511", "ID": "CVE-2012-4511",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121010 CVE request: libsocialweb untrusted connection to flickr", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/10/10/10" "lang": "eng",
}, "value": "services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack."
{ }
"name" : "[oss-security] 20121010 Re: CVE request: libsocialweb untrusted connection to flickr", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/10/11/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20121023 Wrong affected version in the CVE-2012-4511", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/10/23/5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=863206", ]
"refsource" : "MISC", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=863206" ]
}, },
{ "references": {
"name" : "http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=863206",
} "refsource": "MISC",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=863206"
} },
} {
"name": "[oss-security] 20121010 CVE request: libsocialweb untrusted connection to flickr",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/10/10"
},
{
"name": "[oss-security] 20121023 Wrong affected version in the CVE-2012-4511",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/23/5"
},
{
"name": "http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503"
},
{
"name": "[oss-security] 20121010 Re: CVE request: libsocialweb untrusted connection to flickr",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/1"
}
]
}
}

130
2012/4xxx/CVE-2012-4612.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2012-4612", "ID": "CVE-2012-4612",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20121113 ESA-2012-055: RSA Data Protection Manager Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0050.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "56506", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/56506" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56506"
},
{
"name": "20121113 ESA-2012-055: RSA Data Protection Manager Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0050.html"
}
]
}
}

150
2012/4xxx/CVE-2012-4936.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-4936", "ID": "CVE-2012-4936",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#802596", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/802596" "lang": "eng",
}, "value": "The web interface in Pattern Insight 2.3 allows remote attackers to conduct clickjacking attacks via a FRAME element."
{ }
"name" : "56381", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/56381" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "51203", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51203" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "pattern-insight-clickjacking(79784)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79784" ]
} },
] "references": {
} "reference_data": [
} {
"name": "VU#802596",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/802596"
},
{
"name": "56381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56381"
},
{
"name": "51203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51203"
},
{
"name": "pattern-insight-clickjacking(79784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79784"
}
]
}
}

140
2017/2xxx/CVE-2017-2098.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2098", "ID": "CVE-2017-2098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "CubeCart", "product_name": "CubeCart",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "versions prior to 6.1.4" "version_value": "versions prior to 6.1.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "CubeCart Limited" "vendor_name": "CubeCart Limited"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory traversal"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://forums.cubecart.com/topic/52088-cubecart-614-released/", "description_data": [
"refsource" : "MISC", {
"url" : "https://forums.cubecart.com/topic/52088-cubecart-614-released/" "lang": "eng",
}, "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors."
{ }
"name" : "JVN#81618356", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN81618356/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "95866", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95866" "lang": "eng",
} "value": "Directory traversal"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://forums.cubecart.com/topic/52088-cubecart-614-released/",
"refsource": "MISC",
"url": "https://forums.cubecart.com/topic/52088-cubecart-614-released/"
},
{
"name": "JVN#81618356",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81618356/index.html"
},
{
"name": "95866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95866"
}
]
}
}

120
2017/2xxx/CVE-2017-2179.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2179", "ID": "CVE-2017-2179",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application", "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "V3.0.2 and earlier" "version_value": "V3.0.2 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#80238098", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN80238098/index.html" "lang": "eng",
} "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.2 and earlier allows remote code execution via unspecified vectors, a different vulnerability than CVE-2017-2181 and CVE-2017-2182."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#80238098",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN80238098/index.html"
}
]
}
}

130
2017/2xxx/CVE-2017-2576.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-2576", "ID": "CVE-2017-2576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Moodle 2.x and 3.x", "product_name": "Moodle 2.x and 3.x",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Moodle 2.x and 3.x" "version_value": "Moodle 2.x and 3.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unspecified"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://moodle.org/mod/forum/discuss.php?d=345912", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://moodle.org/mod/forum/discuss.php?d=345912" "lang": "eng",
}, "value": "In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums."
{ }
"name" : "95649", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95649" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "unspecified"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95649"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=345912",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=345912"
}
]
}
}

122
2017/2xxx/CVE-2017-2707.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-2707", "ID": "CVE-2017-2707",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Mate 9", "product_name": "Mate 9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MHA-AL00AC00B125" "version_value": "MHA-AL00AC00B125"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-02-push-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-02-push-en" "lang": "eng",
} "value": "Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege escalation vulnerability in Push module. An attacker tricks a user to save a rich media into message on the smart phone, which could be exploited to cause the attacker to delete message or fake user to send message."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-02-push-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170712-02-push-en"
}
]
}
}

140
2017/2xxx/CVE-2017-2767.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2017-2767", "ID": "CVE-2017-2767",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "EMC Network Configuration Manager EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x", "product_name": "EMC Network Configuration Manager EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "EMC Network Configuration Manager EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x" "version_value": "EMC Network Configuration Manager EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Java RMI Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securityfocus.com/archive/1/540085/30/0/threaded", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.securityfocus.com/archive/1/540085/30/0/threaded" "lang": "eng",
}, "value": "EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system."
{ }
"name" : "95938", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95938" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037761", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037761" "lang": "eng",
} "value": "Java RMI Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "95938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95938"
},
{
"name": "http://www.securityfocus.com/archive/1/540085/30/0/threaded",
"refsource": "CONFIRM",
"url": "http://www.securityfocus.com/archive/1/540085/30/0/threaded"
},
{
"name": "1037761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037761"
}
]
}
}

300
2017/2xxx/CVE-2017-2949.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-2949", "ID": "CVE-2017-2949",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-005", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-005" "lang": "eng",
}, "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-006", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-006" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-007", "description": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-007" "lang": "eng",
}, "value": "Heap Overflow"
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-008", ]
"refsource" : "MISC", }
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-008" ]
}, },
{ "references": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-009", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-009" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-005",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-005"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-011", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-011" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-020",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-020"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-012", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-012" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-006",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-006"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-013", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-013" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-009",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-009"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-015", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-015" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-007",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-007"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-016", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-016" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-029",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-029"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-017", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-017" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-008",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-008"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-018", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-018" "name": "95344",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/95344"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-019", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-019" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-017",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-017"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-020", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-020" "name": "1037574",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1037574"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-028", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-028" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-028",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-028"
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-029", },
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-029" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-016",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-016"
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", },
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-011",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-011"
"name" : "95344", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95344" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-019",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-019"
"name" : "1037574", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037574" "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-015",
} "refsource": "MISC",
] "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-015"
} },
} {
"name": "http://www.zerodayinitiative.com/advisories/ZDI-17-012",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-012"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-17-018",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-018"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-17-013",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-17-013"
}
]
}
}

132
2017/3xxx/CVE-2017-3765.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@lenovo.com", "ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC" : "2018-01-09T00:00:00", "DATE_PUBLIC": "2018-01-09T00:00:00",
"ID" : "CVE-2017-3765", "ID": "CVE-2017-3765",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Enterprise Network Operating System affecting Lenovo and IBM RackSwitch and BladeCenter Products", "product_name": "Enterprise Network Operating System affecting Lenovo and IBM RackSwitch and BladeCenter Products",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Earlier than" "version_value": "Earlier than"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Lenovo Group Ltd." "vendor_name": "Lenovo Group Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as \"HP Backdoor\" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.lenovo.com/us/en/product_security/LEN-16095", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.lenovo.com/us/en/product_security/LEN-16095" "lang": "eng",
}, "value": "In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as \"HP Backdoor\" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted."
{ }
"name" : "1040296", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1040296" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/product_security/LEN-16095",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/product_security/LEN-16095"
},
{
"name": "1040296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040296"
}
]
}
}

34
2017/6xxx/CVE-2017-6202.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6202", "ID": "CVE-2017-6202",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/6xxx/CVE-2017-6496.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6496", "ID": "CVE-2017-6496",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/6xxx/CVE-2017-6535.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6535", "ID": "CVE-2017-6535",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/WPO-Foundation/webpagetest/issues/832", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/WPO-Foundation/webpagetest/issues/832" "lang": "eng",
}, "value": "Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, url) passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
{ }
"name" : "96935", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96935" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96935"
},
{
"name": "https://github.com/WPO-Foundation/webpagetest/issues/832",
"refsource": "CONFIRM",
"url": "https://github.com/WPO-Foundation/webpagetest/issues/832"
}
]
}
}

34
2017/7xxx/CVE-2017-7057.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7057", "ID": "CVE-2017-7057",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/7xxx/CVE-2017-7232.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7232", "ID": "CVE-2017-7232",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/7xxx/CVE-2017-7384.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7384", "ID": "CVE-2017-7384",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bits3c.blogspot.dk/2017/05/cve-2017-7384-reflected-xss-in-flippdf.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://bits3c.blogspot.dk/2017/05/cve-2017-7384-reflected-xss-in-flippdf.html" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bits3c.blogspot.dk/2017/05/cve-2017-7384-reflected-xss-in-flippdf.html",
"refsource": "MISC",
"url": "https://bits3c.blogspot.dk/2017/05/cve-2017-7384-reflected-xss-in-flippdf.html"
}
]
}
}

34
2017/7xxx/CVE-2017-7706.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7706", "ID": "CVE-2017-7706",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/10xxx/CVE-2018-10185.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10185", "ID": "CVE-2018-10185",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/yeyinshi/tuzicms/issues/1", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/yeyinshi/tuzicms/issues/1" "lang": "eng",
} "value": "An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yeyinshi/tuzicms/issues/1",
"refsource": "MISC",
"url": "https://github.com/yeyinshi/tuzicms/issues/1"
}
]
}
}

130
2018/10xxx/CVE-2018-10678.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10678", "ID": "CVE-2018-10678",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target=\"_blank\" rel=\"noopener\"' in A elements, which makes it easier for remote attackers to conduct redirection attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc" "lang": "eng",
}, "value": "MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target=\"_blank\" rel=\"noopener\"' in A elements, which makes it easier for remote attackers to conduct redirection attacks."
{ }
"name" : "104187", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104187" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104187"
},
{
"name": "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc",
"refsource": "MISC",
"url": "https://gist.github.com/MayurUdiniya/7aaa50b878d82b6aab6ed0b3e2b080bc"
}
]
}
}

120
2018/10xxx/CVE-2018-10825.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10825", "ID": "CVE-2018-10825",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the position and temperature of a baby via a replay or spoofing attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@victor_14768/mimo-baby-hack-ac7fa0ae3bfb", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@victor_14768/mimo-baby-hack-ac7fa0ae3bfb" "lang": "eng",
} "value": "Mimo Baby 2 devices do not use authentication or encryption for the Bluetooth Low Energy (BLE) communication from a Turtle to a Lilypad, which allows attackers to inject fake information about the position and temperature of a baby via a replay or spoofing attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@victor_14768/mimo-baby-hack-ac7fa0ae3bfb",
"refsource": "MISC",
"url": "https://medium.com/@victor_14768/mimo-baby-hack-ac7fa0ae3bfb"
}
]
}
}

34
2018/14xxx/CVE-2018-14157.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14157", "ID": "CVE-2018-14157",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/14xxx/CVE-2018-14530.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14530", "ID": "CVE-2018-14530",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/14xxx/CVE-2018-14576.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14576", "ID": "CVE-2018-14576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180727 Integer overflow in SunContract", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/Jul/93" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable."
{ }
"name" : "https://github.com/SunContract/SmartContracts/issues/1", ]
"refsource" : "MISC", },
"url" : "https://github.com/SunContract/SmartContracts/issues/1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180727 Integer overflow in SunContract",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/93"
},
{
"name": "https://github.com/SunContract/SmartContracts/issues/1",
"refsource": "MISC",
"url": "https://github.com/SunContract/SmartContracts/issues/1"
}
]
}
}

120
2018/14xxx/CVE-2018-14742.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14742", "ID": "CVE-2018-14742",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/cloudwu/pbc/issues/122#issuecomment-407368019", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/cloudwu/pbc/issues/122#issuecomment-407368019" "lang": "eng",
} "value": "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cloudwu/pbc/issues/122#issuecomment-407368019",
"refsource": "MISC",
"url": "https://github.com/cloudwu/pbc/issues/122#issuecomment-407368019"
}
]
}
}

34
2018/15xxx/CVE-2018-15056.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15056", "ID": "CVE-2018-15056",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

122
2018/15xxx/CVE-2018-15702.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnreport@tenable.com", "ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-10-01T00:00:00", "DATE_PUBLIC": "2018-10-01T00:00:00",
"ID" : "CVE-2018-15702", "ID": "CVE-2018-15702",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "TP-Link TL-WRN841N", "product_name": "TP-Link TL-WRN841N",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Firmware versions 0.9.1 4.16 v0348.0 and below" "version_value": "Firmware versions 0.9.1 4.16 v0348.0 and below"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "TP-Link" "vendor_name": "TP-Link"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Requrest Forgery"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tenable.com/security/research/tra-2018-27", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/security/research/tra-2018-27" "lang": "eng",
} "value": "The web interface in TP-Link TL-WRN841N 0.9.1 4.16 v0348.0 is vulnerable to CSRF due to insufficient validation of the referer field."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Requrest Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-27",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-27"
}
]
}
}

150
2018/20xxx/CVE-2018-20184.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20184", "ID": "CVE-2018-20184",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html" "lang": "eng",
}, "value": "In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification."
{ }
"name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b", ]
"refsource" : "MISC", },
"url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sourceforge.net/p/graphicsmagick/bugs/583/", "description": [
"refsource" : "MISC", {
"url" : "https://sourceforge.net/p/graphicsmagick/bugs/583/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "106229", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/106229" ]
} },
] "references": {
} "reference_data": [
} {
"name": "106229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106229"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/15d1b5fd003b"
},
{
"name": "[debian-lts-announce] 20181227 [SECURITY] [DLA 1619-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00018.html"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/583/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/583/"
}
]
}
}

34
2018/20xxx/CVE-2018-20314.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20314", "ID": "CVE-2018-20314",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20643.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20643", "ID": "CVE-2018-20643",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/9xxx/CVE-2018-9035.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9035", "ID": "CVE-2018-9035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44367", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44367/" "lang": "eng",
} "value": "CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form 7 to Database Extension plugin 2.10.32 for WordPress allows remote attackers to inject spreadsheet formulas into CSV files via the contact form."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44367",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44367/"
}
]
}
}

122
2018/9xxx/CVE-2018-9064.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@lenovo.com", "ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC" : "2018-07-26T00:00:00", "DATE_PUBLIC": "2018-07-26T00:00:00",
"ID" : "CVE-2018-9064", "ID": "CVE-2018-9064",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Lenovo xClarity Administrator", "product_name": "Lenovo xClarity Administrator",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Earlier than 2.1.0" "version_value": "Earlier than 2.1.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Lenovo Group Ltd." "vendor_name": "Lenovo Group Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege escalation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.lenovo.com/us/en/solutions/LEN-22168", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.lenovo.com/us/en/solutions/LEN-22168" "lang": "eng",
} "value": "In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-22168",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-22168"
}
]
}
}

128
2018/9xxx/CVE-2018-9207.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "larry0@me.com", "ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED" : "2018-11-02", "DATE_ASSIGNED": "2018-11-02",
"ID" : "CVE-2018-9207", "ID": "CVE-2018-9207",
"REQUESTER" : "larry0@me.com", "REQUESTER": "larry0@me.com",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"UPDATED" : "2018-11-19T13:21Z" "UPDATED": "2018-11-19T13:21Z"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : " jQuery Upload File", "product_name": " jQuery Upload File",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<=", "version_affected": "<=",
"version_value" : "4.0.2" "version_value": "4.0.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "hayageek" "vendor_name": "hayageek"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Arbitrary file upload in jQuery Upload File <= 4.0.2"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary file upload vulnerability in jQuery Upload File v4.0.2"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vapidlabs.com/advisory.php?v=206", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.vapidlabs.com/advisory.php?v=206" "lang": "eng",
} "value": "Arbitrary file upload in jQuery Upload File <= 4.0.2"
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary file upload vulnerability in jQuery Upload File v4.0.2"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapidlabs.com/advisory.php?v=206",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=206"
}
]
}
}

34
2018/9xxx/CVE-2018-9649.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9649", "ID": "CVE-2018-9649",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }