admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:23:24 +00:00
parent 15b7e2ac17
commit 0dc97eb381
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3630 additions and 3630 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2002/0xxx/CVE-2002-0011.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html"
},
{
"name" : "http://www.bugzilla.org/security2_14_1.html",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security2_14_1.html"
},
{
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=98146",
"refsource" : "MISC",
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=98146"
},
{
"name" : "RHSA-2002:001",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2002-001.html"
},
{
"name" : "bugzilla-doeditvotes-login-information(7803)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7803.php"
},
{
"name" : "3800",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3800"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:001",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-001.html"
},
{
"name": "20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html"
},
{
"name": "http://www.bugzilla.org/security2_14_1.html",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security2_14_1.html"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=98146",
"refsource": "MISC",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=98146"
},
{
"name": "3800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3800"
},
{
"name": "bugzilla-doeditvotes-login-information(7803)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7803.php"
}
]
}
}

140
2002/0xxx/CVE-2002-0268.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a \"Browse\" function, which runs Explorer with SYSTEM privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020212 Identix BioLogon 3",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101366270807034&w=2"
},
{
"name" : "4101",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4101"
},
{
"name" : "biologon3-gina-bypass-authentication(8201)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8201.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a \"Browse\" function, which runs Explorer with SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020212 Identix BioLogon 3",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101366270807034&w=2"
},
{
"name": "4101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4101"
},
{
"name": "biologon3-gina-bypass-authentication(8201)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8201.php"
}
]
}
}

140
2002/0xxx/CVE-2002-0525.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020411 Inn (Inter Net News) security problems",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html"
},
{
"name" : "4501",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4501"
},
{
"name" : "inn-rnews-inews-format-string(8834)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8834.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4501"
},
{
"name": "inn-rnews-inews-format-string(8834)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8834.php"
},
{
"name": "20020411 Inn (Inter Net News) security problems",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0140.html"
}
]
}
}

340
2002/0xxx/CVE-2002-0843.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021016 Apache 1.3.26",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html"
},
{
"name" : "http://www.apacheweek.com/issues/02-10-04",
"refsource" : "CONFIRM",
"url" : "http://www.apacheweek.com/issues/02-10-04"
},
{
"name" : "http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2",
"refsource" : "CONFIRM",
"url" : "http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2"
},
{
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871",
"refsource" : "CONFIRM",
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871"
},
{
"name" : "IY87070",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only"
},
{
"name" : "CLA-2002:530",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530"
},
{
"name" : "000530",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530"
},
{
"name" : "CLSA-2002:530",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530"
},
{
"name" : "ESA-20021007-024",
"refsource" : "ENGARDE",
"url" : "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name" : "MDKSA-2002:068",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"name" : "DSA-187",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-187"
},
{
"name" : "DSA-188",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-188"
},
{
"name" : "DSA-195",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-195"
},
{
"name" : "HPSBUX0210-224",
"refsource" : "HP",
"url" : "http://online.securityfocus.com/advisories/4617"
},
{
"name" : "20021105-01-I",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I"
},
{
"name" : "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103376585508776&w=2"
},
{
"name" : "20021017 TSLSA-2002-0069-apache",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name" : "5995",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5995"
},
{
"name" : "5996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5996"
},
{
"name" : "5887",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5887"
},
{
"name" : "ADV-2006-3263",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3263"
},
{
"name" : "21425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21425"
},
{
"name" : "apache-apachebench-response-bo(10281)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10281.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"name": "CLSA-2002:530",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530"
},
{
"name": "http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2"
},
{
"name": "ESA-20021007-024",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name": "5996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5996"
},
{
"name": "IY87070",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only"
},
{
"name": "20021105-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I"
},
{
"name": "HPSBUX0210-224",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"name": "ADV-2006-3263",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3263"
},
{
"name": "20021016 Apache 1.3.26",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html"
},
{
"name": "000530",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530"
},
{
"name": "DSA-187",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"name": "http://www.apacheweek.com/issues/02-10-04",
"refsource": "CONFIRM",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"name": "5887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5887"
},
{
"name": "DSA-195",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103376585508776&w=2"
},
{
"name": "MDKSA-2002:068",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871"
},
{
"name": "CLA-2002:530",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530"
},
{
"name": "21425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21425"
},
{
"name": "20021017 TSLSA-2002-0069-apache",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name": "5995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5995"
},
{
"name": "apache-apachebench-response-bo(10281)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10281.php"
}
]
}
}

150
2002/0xxx/CVE-2002-0983.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-157",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-157"
},
{
"name" : "FreeBSD-SN-02:05",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A05.asc"
},
{
"name" : "5055",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5055"
},
{
"name" : "irssi-long-topic-dos(9395)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9395"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IRC client irssi in irssi-text before 0.8.4 allows remote attackers to cause a denial of service (crash) via an IRC channel that has a long topic followed by a certain string, possibly triggering a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SN-02:05",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A05.asc"
},
{
"name": "irssi-long-topic-dos(9395)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9395"
},
{
"name": "DSA-157",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-157"
},
{
"name": "5055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5055"
}
]
}
}

140
2002/1xxx/CVE-2002-1128.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html"
},
{
"name" : "5747",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5747"
},
{
"name" : "osf1-inc-mh-bo(10147)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10147.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html"
},
{
"name": "osf1-inc-mh-bo(10147)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10147.php"
},
{
"name": "5747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5747"
}
]
}
}

140
2002/1xxx/CVE-2002-1285.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SuSE-SA:2002:040",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2002_040_lprng_html2ps.html"
},
{
"name" : "lprng-runlpr-gain-privileges(10525)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10525.php"
},
{
"name" : "6077",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6077"
},
{
"name": "SuSE-SA:2002:040",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_040_lprng_html2ps.html"
},
{
"name": "lprng-runlpr-gain-privileges(10525)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10525.php"
}
]
}
}

140
2002/1xxx/CVE-2002-1449.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1449",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020730 Bug in Eupload",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0412.html"
},
{
"name" : "5369",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5369"
},
{
"name" : "eupload-passwordtxt-overwrite-files(9733)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9733.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eUpload 1.0 stores the password.txt password file in plaintext under the web document root, which allows remote attackers to overwrite arbitrary files by reading password.txt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020730 Bug in Eupload",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0412.html"
},
{
"name": "5369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5369"
},
{
"name": "eupload-passwordtxt-overwrite-files(9733)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9733.php"
}
]
}
}

140
2002/1xxx/CVE-2002-1695.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020114 NMRC Advisory: OpenFile Win32 API Log Overwriting/Rewriting",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/250591"
},
{
"name" : "iis-modify-log(7919)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7919"
},
{
"name" : "3888",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3888"
},
{
"name": "iis-modify-log(7919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7919"
},
{
"name": "20020114 NMRC Advisory: OpenFile Win32 API Log Overwriting/Rewriting",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/250591"
}
]
}
}

130
2002/1xxx/CVE-2002-1927.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020821 bugtraq@security.nnov.ru list issues [2]",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0212.html"
},
{
"name" : "aquonics-filemanager-userlist-access(9930)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aquonics-filemanager-userlist-access(9930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9930"
},
{
"name": "20020821 bugtraq@security.nnov.ru list issues [2]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0212.html"
}
]
}
}

140
2002/2xxx/CVE-2002-2405.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2405",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020918 Firewall-1 –HTTP Security Server - Proxy vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0219.html"
},
{
"name" : "5744",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5744"
},
{
"name" : "fw1-http-proxy-bypass(10139)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10139.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the firewall."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5744"
},
{
"name": "20020918 Firewall-1 \u0096HTTP Security Server - Proxy vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0219.html"
},
{
"name": "fw1-http-proxy-bypass(10139)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10139.php"
}
]
}
}

140
2002/2xxx/CVE-2002-2410.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2410",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021119 Open WebMail 1.71 \"background\" magic info",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
},
{
"name" : "6232",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6232"
},
{
"name" : "open-webmail-information-disclosure(10684)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10684.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "open-webmail-information-disclosure(10684)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10684.php"
},
{
"name": "20021119 Open WebMail 1.71 \"background\" magic info",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0278.html"
},
{
"name": "6232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6232"
}
]
}
}

140
2005/1xxx/CVE-2005-1725.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050608 [ Suresec Advisories ] - Mac OS X 10.4 - launchd local root vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111833509424379&w=2"
},
{
"name" : "http://www.suresec.org/advisories/adv3.pdf",
"refsource" : "MISC",
"url" : "http://www.suresec.org/advisories/adv3.pdf"
},
{
"name" : "APPLE-SA-2005-06-08",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050608 [ Suresec Advisories ] - Mac OS X 10.4 - launchd local root vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111833509424379&w=2"
},
{
"name": "http://www.suresec.org/advisories/adv3.pdf",
"refsource": "MISC",
"url": "http://www.suresec.org/advisories/adv3.pdf"
},
{
"name": "APPLE-SA-2005-06-08",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html"
}
]
}
}

200
2009/1xxx/CVE-2009-1139.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka \"Active Directory Memory Leak Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm"
},
{
"name" : "MS09-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018"
},
{
"name" : "TA09-160A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name" : "35225",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35225"
},
{
"name" : "54938",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54938"
},
{
"name" : "oval:org.mitre.oval:def:6253",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6253"
},
{
"name" : "1022349",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022349"
},
{
"name" : "35355",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35355"
},
{
"name" : "ADV-2009-1537",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1537"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka \"Active Directory Memory Leak Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54938",
"refsource": "OSVDB",
"url": "http://osvdb.org/54938"
},
{
"name": "MS09-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm"
},
{
"name": "1022349",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022349"
},
{
"name": "ADV-2009-1537",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1537"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "oval:org.mitre.oval:def:6253",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6253"
},
{
"name": "35225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35225"
},
{
"name": "35355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35355"
}
]
}
}

130
2009/1xxx/CVE-2009-1666.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1666",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite 2.50.3.0 allow remote attackers to execute arbitrary code via the ReturnConnection method in (1) CM_ADOConnection.dll, (2) CM_AddressInfoDBC.dll, and (3) CM_RecordingLocationDBC.dll, related to improper dereferencing. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "34912",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34912"
},
{
"name" : "35046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35046"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite 2.50.3.0 allow remote attackers to execute arbitrary code via the ReturnConnection method in (1) CM_ADOConnection.dll, (2) CM_AddressInfoDBC.dll, and (3) CM_RecordingLocationDBC.dll, related to improper dereferencing. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35046"
},
{
"name": "34912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34912"
}
]
}
}

160
2009/1xxx/CVE-2009-1901.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits \"non-standard http methods,\" which has unknown impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876"
},
{
"name" : "PK73246",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK73246"
},
{
"name" : "35405",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35405"
},
{
"name" : "ADV-2009-1464",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1464"
},
{
"name" : "was-http-methods-unspecified(51173)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits \"non-standard http methods,\" which has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "was-http-methods-unspecified(51173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51173"
},
{
"name": "PK73246",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK73246"
},
{
"name": "35405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35405"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876"
},
{
"name": "ADV-2009-1464",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1464"
}
]
}
}

160
2009/5xxx/CVE-2009-5063.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20110322 CVE Request: libpng memory leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/22/7"
},
{
"name" : "[oss-security] 20110328 Re: CVE Request: libpng memory leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/03/28/6"
},
{
"name" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18",
"refsource" : "CONFIRM",
"url" : "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18"
},
{
"name" : "GLSA-201206-15",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201206-15.xml"
},
{
"name" : "49660",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49660"
},
{
"name": "[oss-security] 20110322 CVE Request: libpng memory leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/22/7"
},
{
"name": "GLSA-201206-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-15.xml"
},
{
"name": "[oss-security] 20110328 Re: CVE Request: libpng memory leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/03/28/6"
},
{
"name": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18",
"refsource": "CONFIRM",
"url": "http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18"
}
]
}
}

140
2012/0xxx/CVE-2012-0307.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00"
},
{
"name" : "55138",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55138"
},
{
"name" : "symantec-gateway-unspec-xss(78031)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78031"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00"
},
{
"name": "55138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55138"
},
{
"name": "symantec-gateway-unspec-xss(78031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78031"
}
]
}
}

150
2012/2xxx/CVE-2012-2246.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/mahara/+bug/1057240",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/mahara/+bug/1057240"
},
{
"name" : "https://mahara.org/interaction/forum/topic.php?id=4939",
"refsource" : "CONFIRM",
"url" : "https://mahara.org/interaction/forum/topic.php?id=4939"
},
{
"name" : "DSA-2591",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2591"
},
{
"name" : "mahara-delete-clickjacking(79273)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to conduct clickjacking attacks to delete arbitrary users and bypass CSRF protection via account/delete.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/mahara/+bug/1057240",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/mahara/+bug/1057240"
},
{
"name": "DSA-2591",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2591"
},
{
"name": "mahara-delete-clickjacking(79273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79273"
},
{
"name": "https://mahara.org/interaction/forum/topic.php?id=4939",
"refsource": "CONFIRM",
"url": "https://mahara.org/interaction/forum/topic.php?id=4939"
}
]
}
}

200
2012/2xxx/CVE-2012-2744.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34",
"refsource" : "CONFIRM",
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9e2dcf72023d1447f09c47d77c99b0c49659e5ce",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9e2dcf72023d1447f09c47d77c99b0c49659e5ce"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=833402",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=833402"
},
{
"name" : "https://github.com/torvalds/linux/commit/9e2dcf72023d1447f09c47d77c99b0c49659e5ce",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/9e2dcf72023d1447f09c47d77c99b0c49659e5ce"
},
{
"name" : "RHSA-2012:1064",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1064.html"
},
{
"name" : "RHSA-2012:1148",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1148.html"
},
{
"name" : "54367",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54367"
},
{
"name" : "1027235",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027235"
},
{
"name" : "49928",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=833402",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833402"
},
{
"name": "54367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54367"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34"
},
{
"name": "1027235",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027235"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9e2dcf72023d1447f09c47d77c99b0c49659e5ce",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9e2dcf72023d1447f09c47d77c99b0c49659e5ce"
},
{
"name": "https://github.com/torvalds/linux/commit/9e2dcf72023d1447f09c47d77c99b0c49659e5ce",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9e2dcf72023d1447f09c47d77c99b0c49659e5ce"
},
{
"name": "RHSA-2012:1064",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1064.html"
},
{
"name": "49928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49928"
},
{
"name": "RHSA-2012:1148",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1148.html"
}
]
}
}

34
2012/3xxx/CVE-2012-3069.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3069",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3069",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2012/3xxx/CVE-2012-3133.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3133",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow",
"refsource" : "CONFIRM",
"url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_3133_buffer_overflow"
}
]
}
}

150
2012/3xxx/CVE-2012-3936.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex"
},
{
"name" : "55866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55866"
},
{
"name" : "86141",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86141"
},
{
"name" : "1027639",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027639"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCua40962."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "86141",
"refsource": "OSVDB",
"url": "http://osvdb.org/86141"
},
{
"name": "1027639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027639"
},
{
"name": "55866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55866"
},
{
"name": "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex"
}
]
}
}

150
2012/4xxx/CVE-2012-4141.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the \"file name\" parameter, aka Bug IDs CSCua71557 and CSCua71551."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-4141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131004 Cisco NX-OS Local Write Redirection Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4141"
},
{
"name" : "62839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62839"
},
{
"name" : "98122",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/98122"
},
{
"name" : "1029160",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the \"file name\" parameter, aka Bug IDs CSCua71557 and CSCua71551."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98122",
"refsource": "OSVDB",
"url": "http://osvdb.org/98122"
},
{
"name": "62839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62839"
},
{
"name": "20131004 Cisco NX-OS Local Write Redirection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4141"
},
{
"name": "1029160",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029160"
}
]
}
}

130
2012/4xxx/CVE-2012-4242.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html",
"refsource" : "MISC",
"url" : "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html"
},
{
"name" : "55622",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55622"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55622"
},
{
"name": "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/mf-gig-calendar-xss.html"
}
]
}
}

34
2012/4xxx/CVE-2012-4339.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4339",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4339",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

320
2012/4xxx/CVE-2012-4538.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4538",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Xen-announce] 20121113 Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability",
"refsource" : "MLIST",
"url" : "http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html"
},
{
"name" : "[oss-security] 20121113 Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/13/3"
},
{
"name" : "DSA-2582",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2582"
},
{
"name" : "GLSA-201309-24",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name" : "GLSA-201604-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201604-03"
},
{
"name" : "SUSE-SU-2012:1615",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html"
},
{
"name" : "SUSE-SU-2012:1486",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html"
},
{
"name" : "SUSE-SU-2012:1487",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html"
},
{
"name" : "openSUSE-SU-2012:1572",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name" : "SUSE-SU-2014:0446",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name" : "openSUSE-SU-2012:1573",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name" : "56498",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56498"
},
{
"name" : "87306",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/87306"
},
{
"name" : "1027762",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027762"
},
{
"name" : "51468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51468"
},
{
"name" : "51200",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51200"
},
{
"name" : "51413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51413"
},
{
"name" : "51324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51324"
},
{
"name" : "51352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51352"
},
{
"name" : "55082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55082"
},
{
"name" : "xen-hvmop-dos(80025)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80025"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55082"
},
{
"name": "51413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51413"
},
{
"name": "51200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51200"
},
{
"name": "1027762",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027762"
},
{
"name": "GLSA-201309-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "DSA-2582",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2582"
},
{
"name": "SUSE-SU-2012:1486",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html"
},
{
"name": "87306",
"refsource": "OSVDB",
"url": "http://osvdb.org/87306"
},
{
"name": "openSUSE-SU-2012:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name": "51468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51468"
},
{
"name": "SUSE-SU-2012:1487",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html"
},
{
"name": "xen-hvmop-dos(80025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80025"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "51352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51352"
},
{
"name": "51324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51324"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "[oss-security] 20121113 Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/13/3"
},
{
"name": "56498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56498"
},
{
"name": "SUSE-SU-2012:1615",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html"
},
{
"name": "openSUSE-SU-2012:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name": "[Xen-announce] 20121113 Xen Security Advisory 23 (CVE-2012-4538) - Unhooking empty PAE entries DoS vulnerability",
"refsource": "MLIST",
"url": "http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html"
}
]
}
}

34
2012/4xxx/CVE-2012-4748.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4748",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4748",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2012/4xxx/CVE-2012-4873.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4873",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18627",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18627"
},
{
"name" : "http://sir.co.kr/bbs/board.php?bo_table=g4_pds&wr_id=7156",
"refsource" : "CONFIRM",
"url" : "http://sir.co.kr/bbs/board.php?bo_table=g4_pds&wr_id=7156"
},
{
"name" : "52622",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52622"
},
{
"name" : "48458",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48458"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18627",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18627"
},
{
"name": "48458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48458"
},
{
"name": "52622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52622"
},
{
"name": "http://sir.co.kr/bbs/board.php?bo_table=g4_pds&wr_id=7156",
"refsource": "CONFIRM",
"url": "http://sir.co.kr/bbs/board.php?bo_table=g4_pds&wr_id=7156"
}
]
}
}

130
2012/6xxx/CVE-2012-6048.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18851",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18851"
},
{
"name" : "81828",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/81828"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of service (crash) via a long string in a gpx file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18851",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18851"
},
{
"name": "81828",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81828"
}
]
}
}

34
2012/6xxx/CVE-2012-6280.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6280",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6280",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

160
2012/6xxx/CVE-2012-6693.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource" : "MISC",
"url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name" : "https://twitter.com/digitalbond/status/619250429751222277",
"refsource" : "MISC",
"url" : "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
},
{
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1",
"refsource" : "CONFIRM",
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1"
},
{
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/C4x_SRV_SVC_2063464-001r2.pdf?REQ=RAA&DIRECTION=2063464-001&FILENAME=C4x_SRV_SVC_2063464-001r2.pdf&FILEREV=2&DOCREV_ORG=2",
"refsource" : "CONFIRM",
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/C4x_SRV_SVC_2063464-001r2.pdf?REQ=RAA&DIRECTION=2063464-001&FILENAME=C4x_SRV_SVC_2063464-001r2.pdf&FILEREV=2&DOCREV_ORG=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/C4x_SRV_SVC_2063464-001r2.pdf?REQ=RAA&DIRECTION=2063464-001&FILENAME=C4x_SRV_SVC_2063464-001r2.pdf&FILEREV=2&DOCREV_ORG=2",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C4x_SRV_SVC_2063464-001r2.pdf?REQ=RAA&DIRECTION=2063464-001&FILENAME=C4x_SRV_SVC_2063464-001r2.pdf&FILEREV=2&DOCREV_ORG=2"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
},
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1"
}
]
}
}

130
2017/2xxx/CVE-2017-2132.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#54795166",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN54795166/"
},
{
"name" : "101584",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101584"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101584"
},
{
"name": "JVN#54795166",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN54795166/"
}
]
}
}

130
2017/2xxx/CVE-2017-2226.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Setup file of advance preparation for e-Tax software (WEB version)",
"version" : {
"version_data" : [
{
"version_value" : "(1.17.1) and earlier"
}
]
}
}
]
},
"vendor_name" : "National Tax Agency"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Setup file of advance preparation for e-Tax software (WEB version)",
"version": {
"version_data": [
{
"version_value": "(1.17.1) and earlier"
}
]
}
}
]
},
"vendor_name": "National Tax Agency"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#79451345",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN79451345/index.html"
},
{
"name" : "99334",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99334"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software (WEB version) (1.17.1) and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99334"
},
{
"name": "JVN#79451345",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN79451345/index.html"
}
]
}
}

204
2017/2xxx/CVE-2017-2337.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2017-07-12T09:00",
"ID" : "CVE-2017-2337",
"STATE" : "PUBLIC",
"TITLE" : "ScreenOS: XSS vulnerability in ScreenOS Firewall"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ScreenOS",
"version" : {
"version_data" : [
{
"platform" : "SSG Series",
"version_value" : "6.3.0 prior to 6.3.0r24"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"configuration" : [],
"credit" : [
"Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.",
"Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability."
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.4,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "persistent cross site scripting vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2017-07-12T09:00",
"ID": "CVE-2017-2337",
"STATE": "PUBLIC",
"TITLE": "ScreenOS: XSS vulnerability in ScreenOS Firewall"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ScreenOS",
"version": {
"version_data": [
{
"platform": "SSG Series",
"version_value": "6.3.0 prior to 6.3.0r24"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10782",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10782"
},
{
"name" : "99590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99590"
},
{
"name" : "1038881",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038881"
}
]
},
"solution" : "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - \"In which releases are vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.",
"work_around" : [
{
"lang" : "eng",
"value" : "Use access lists or firewall filters to limit access to the firewall's WebUI only from trusted hosts."
}
]
}
}
},
"configuration": [],
"credit": [
"Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.",
"Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability."
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "persistent cross site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10782",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10782"
},
{
"name": "1038881",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038881"
},
{
"name": "99590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99590"
}
]
},
"solution": "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - \"In which releases are vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.",
"work_around": [
{
"lang": "eng",
"value": "Use access lists or firewall filters to limit access to the firewall's WebUI only from trusted hosts."
}
]
}

140
2017/2xxx/CVE-2017-2357.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"IOAudioFamily\" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207483",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207483"
},
{
"name" : "95723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95723"
},
{
"name" : "1037671",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"IOAudioFamily\" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207483",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207483"
},
{
"name": "1037671",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037671"
},
{
"name": "95723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95723"
}
]
}
}

180
2017/2xxx/CVE-2017-2483.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41797",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41797/"
},
{
"name" : "https://support.apple.com/HT207601",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207601"
},
{
"name" : "https://support.apple.com/HT207602",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207602"
},
{
"name" : "https://support.apple.com/HT207615",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207615"
},
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
},
{
"name" : "97137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97137"
},
{
"name" : "1038138",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. A buffer overflow allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97137"
},
{
"name": "https://support.apple.com/HT207601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207601"
},
{
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207602",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207602"
},
{
"name": "41797",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41797/"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

160
2017/2xxx/CVE-2017-2937.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-2937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 24.0.0.186 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 24.0.0.186 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-2937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 24.0.0.186 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 24.0.0.186 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
},
{
"name" : "GLSA-201702-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-20"
},
{
"name" : "RHSA-2017:0057",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
},
{
"name" : "95342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95342"
},
{
"name" : "1037570",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037570"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class, when using class inheritance. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201702-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-20"
},
{
"name": "95342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95342"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
},
{
"name": "RHSA-2017:0057",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
},
{
"name": "1037570",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037570"
}
]
}
}

152
2017/6xxx/CVE-2017-6165.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"ID" : "CVE-2017-6165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"version" : {
"version_data" : [
{
"version_value" : "12.0.0 through 12.1.2"
},
{
"version_value" : "11.6.0 through 11.6.1 HF1"
},
{
"version_value" : "11.5.1 HF6 through 11.5.4 HF4"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the \"/var/log/ltm\" log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information leakage via logfile"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2017-6165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "12.0.0 through 12.1.2"
},
{
"version_value": "11.6.0 through 11.6.1 HF1"
},
{
"version_value": "11.5.1 HF6 through 11.5.4 HF4"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K74759095",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K74759095"
},
{
"name" : "101543",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101543"
},
{
"name" : "1039638",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039638"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the \"/var/log/ltm\" log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage via logfile"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K74759095",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K74759095"
},
{
"name": "1039638",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039638"
},
{
"name": "101543",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101543"
}
]
}
}

142
2017/6xxx/CVE-2017-6425.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-04-03T00:00:00",
"ID" : "CVE-2017-6425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-04-03T00:00:00",
"ID": "CVE-2017-6425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name" : "97362",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97362"
},
{
"name" : "1038201",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-32577085. References: QC-CR#1103689."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-04-01"
},
{
"name": "97362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97362"
},
{
"name": "1038201",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038201"
}
]
}
}

120
2018/11xxx/CVE-2018-11951.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "SD 845, SD 850"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control in Core"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "SD 845, SD 850"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

130
2018/14xxx/CVE-2018-14312.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.5096"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportAsFDF function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6332."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.5096"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-772",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-772"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportAsFDF function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6332."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-772",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-772"
}
]
}
}

34
2018/14xxx/CVE-2018-14475.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14475",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14475",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

238
2018/14xxx/CVE-2018-14825.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-09-13T00:00:00",
"ID" : "CVE-2018-14825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mobile Computers",
"version" : {
"version_data" : [
{
"version_value" : "CT60 running Android OS 7.1"
},
{
"version_value" : "CN80 running Android OS 7.1"
},
{
"version_value" : "CT40 running Android OS 7.1"
},
{
"version_value" : "CK75 running Android OS 6.0"
},
{
"version_value" : "CN75 running Android OS 6.0"
},
{
"version_value" : "CN75e running Android OS 6.0"
},
{
"version_value" : "CT50 running Android OS 6.0"
},
{
"version_value" : "D75e running Android OS 6.0"
},
{
"version_value" : "CT50 running Android OS 4.4"
},
{
"version_value" : "D75e running Android OS 4.4"
},
{
"version_value" : "CN51 running Android OS 6.0"
},
{
"version_value" : "EDA50k running Android 4.4"
},
{
"version_value" : "EDA50 running Android OS 7.1"
},
{
"version_value" : "EDA50k running Android OS 7.1"
},
{
"version_value" : "EDA70 running Android OS 7.1"
},
{
"version_value" : "EDA60k running Android OS 7.1"
},
{
"version_value" : "EDA51 running Android OS 8.1"
}
]
}
}
]
},
"vendor_name" : "Honeywell"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-13T00:00:00",
"ID": "CVE-2018-14825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mobile Computers",
"version": {
"version_data": [
{
"version_value": "CT60 running Android OS 7.1"
},
{
"version_value": "CN80 running Android OS 7.1"
},
{
"version_value": "CT40 running Android OS 7.1"
},
{
"version_value": "CK75 running Android OS 6.0"
},
{
"version_value": "CN75 running Android OS 6.0"
},
{
"version_value": "CN75e running Android OS 6.0"
},
{
"version_value": "CT50 running Android OS 6.0"
},
{
"version_value": "D75e running Android OS 6.0"
},
{
"version_value": "CT50 running Android OS 4.4"
},
{
"version_value": "D75e running Android OS 4.4"
},
{
"version_value": "CN51 running Android OS 6.0"
},
{
"version_value": "EDA50k running Android 4.4"
},
{
"version_value": "EDA50 running Android OS 7.1"
},
{
"version_value": "EDA50k running Android OS 7.1"
},
{
"version_value": "EDA70 running Android OS 7.1"
},
{
"version_value": "EDA60k running Android OS 7.1"
},
{
"version_value": "EDA51 running Android OS 8.1"
}
]
}
}
]
},
"vendor_name": "Honeywell"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-256-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-256-01"
},
{
"name" : "https://cert.vde.com/de-de/advisories/vde-2018-016",
"refsource" : "MISC",
"url" : "https://cert.vde.com/de-de/advisories/vde-2018-016"
},
{
"name" : "105767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Honeywell Mobile Computers (CT60 running Android OS 7.1, CN80 running Android OS 7.1, CT40 running Android OS 7.1, CK75 running Android OS 6.0, CN75 running Android OS 6.0, CN75e running Android OS 6.0, CT50 running Android OS 6.0, D75e running Android OS 6.0, CT50 running Android OS 4.4, D75e running Android OS 4.4, CN51 running Android OS 6.0, EDA50k running Android 4.4, EDA50 running Android OS 7.1, EDA50k running Android OS 7.1, EDA70 running Android OS 7.1, EDA60k running Android OS 7.1, and EDA51 running Android OS 8.1), a skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable information, photos, emails, or business-critical documents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2018-016",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2018-016"
},
{
"name": "105767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105767"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-256-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-256-01"
}
]
}
}

34
2018/15xxx/CVE-2018-15205.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15205",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15205",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15208.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15208",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15208",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15217.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15217",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15217",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

250
2018/15xxx/CVE-2018-15408.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-15408",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco WebEx WRF Player ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "7.8",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID": "CVE-2018-15408",
"STATE": "PUBLIC",
"TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx WRF Player ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce"
},
{
"name" : "105520",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105520"
},
{
"name" : "1041795",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041795"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181003-webex-rce",
"defect" : [
[
"CSCvj83752",
"CSCvj83767",
"CSCvj83771",
"CSCvj83793",
"CSCvj83797",
"CSCvj83803",
"CSCvj83818",
"CSCvj83824",
"CSCvj83831",
"CSCvj87929",
"CSCvj87934",
"CSCvj93870",
"CSCvj93877",
"CSCvk31089",
"CSCvk33049",
"CSCvk52510",
"CSCvk52518",
"CSCvk52521",
"CSCvk59945",
"CSCvk59949",
"CSCvk59950",
"CSCvk60158",
"CSCvk60163",
"CSCvm51315",
"CSCvm51318",
"CSCvm51361",
"CSCvm51371",
"CSCvm51373",
"CSCvm51374",
"CSCvm51382",
"CSCvm51386",
"CSCvm51391",
"CSCvm51393",
"CSCvm51396",
"CSCvm51398",
"CSCvm51412",
"CSCvm51413",
"CSCvm54531",
"CSCvm54538"
]
],
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system."
}
]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041795",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041795"
},
{
"name": "105520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105520"
},
{
"name": "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce"
}
]
},
"source": {
"advisory": "cisco-sa-20181003-webex-rce",
"defect": [
[
"CSCvj83752",
"CSCvj83767",
"CSCvj83771",
"CSCvj83793",
"CSCvj83797",
"CSCvj83803",
"CSCvj83818",
"CSCvj83824",
"CSCvj83831",
"CSCvj87929",
"CSCvj87934",
"CSCvj93870",
"CSCvj93877",
"CSCvk31089",
"CSCvk33049",
"CSCvk52510",
"CSCvk52518",
"CSCvk52521",
"CSCvk59945",
"CSCvk59949",
"CSCvk59950",
"CSCvk60158",
"CSCvk60163",
"CSCvm51315",
"CSCvm51318",
"CSCvm51361",
"CSCvm51371",
"CSCvm51373",
"CSCvm51374",
"CSCvm51382",
"CSCvm51386",
"CSCvm51391",
"CSCvm51393",
"CSCvm51396",
"CSCvm51398",
"CSCvm51412",
"CSCvm51413",
"CSCvm54531",
"CSCvm54538"
]
],
"discovery": "UNKNOWN"
}
}

132
2018/15xxx/CVE-2018-15705.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00",
"ID" : "CVE-2018-15705",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Advantech WebAccess",
"version" : {
"version_data" : [
{
"version_value" : "8.3.1 and 8.3.2"
}
]
}
}
]
},
"vendor_name" : "Advantech"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal"
}
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-15705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.1 and 8.3.2"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45774",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45774/"
},
{
"name" : "https://www.tenable.com/security/research/tra-2018-35",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to write or overwrite any file on the filesystem due to a directory traversal vulnerability in the writeFile API. An attacker can use this vulnerability to remotely execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45774",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-35",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
}

34
2018/20xxx/CVE-2018-20491.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20491",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20491",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

182
2018/9xxx/CVE-2018-9075.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@lenovo.com",
"ID" : "CVE-2018-9075",
"STATE" : "PUBLIC",
"TITLE" : "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Iomega StorCenter",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name" : "LenovoEMC",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
},
{
"product_name" : "EZ Media and Backup Center",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_name" : "4.1.402.34662",
"version_value" : "4.1.402.34662"
}
]
}
}
]
},
"vendor_name" : "Lenovo Group LTD"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary Command Execution"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"ID": "CVE-2018-9075",
"STATE": "PUBLIC",
"TITLE": "Iomega and LenovoEMC NAS Web UI Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Iomega StorCenter",
"version": {
"version_data": [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "LenovoEMC",
"version": {
"version_data": [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
},
{
"product_name": "EZ Media and Backup Center",
"version": {
"version_data": [
{
"affected": "<=",
"version_name": "4.1.402.34662",
"version_value": "4.1.402.34662"
}
]
}
}
]
},
"vendor_name": "Lenovo Group LTD"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource" : "CONFIRM",
"url" : "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source" : {
"advisory" : "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick \"``\" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-24224"
}
]
},
"source": {
"advisory": "https://support.lenovo.com/us/en/solutions/LEN-24224",
"discovery": "UNKNOWN"
}
}

34
2018/9xxx/CVE-2018-9434.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9434",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9434",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/9xxx/CVE-2018-9936.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-9936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.29935"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5370."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-704-Incorrect Type Conversion or Cast"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-9936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.0.29935"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-320",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-320"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of field elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5370."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-704-Incorrect Type Conversion or Cast"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-320",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-320"
}
]
}
}