"-Synchronized-Data."

CVE Team 2019-03-18 00:02:45 +00:00
parent 2d7ee87597
commit 0f30a4f15b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3767 additions and 3767 deletions


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0079", "ID": "CVE-2002-0079",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101846993304518&w=2" "lang": "eng",
}, "value": "Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code."
{ }
"name" : "MS02-018", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CA-2002-09", "description": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2002-09.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", ]
"refsource" : "CISCO", }
"url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" ]
}, },
{ "references": {
"name" : "VU#610291", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/610291" "name": "oval:org.mitre.oval:def:25",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A25"
"name" : "iis-asp-chunked-encoding-bo(8795)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8795.php" "name": "VU#610291",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/610291"
"name" : "4485", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4485" "name": "oval:org.mitre.oval:def:16",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16"
"name" : "oval:org.mitre.oval:def:16", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16" "name": "4485",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/4485"
"name" : "oval:org.mitre.oval:def:25", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A25" "name": "MS02-018",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
} },
{
"name": "20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101846993304518&w=2"
},
{
"name": "iis-asp-chunked-encoding-bo(8795)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8795.php"
},
{
"name": "CA-2002-09",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-09.html"
},
{
"name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
}
]
}
} }
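Review bot: The `reference_data` array in this record is emitted in a new order with no visible sort key (OVAL def:25, CERT-VN, OVAL def:16, BID, MS, …), on top of the `"key" : value` to `"key": value` spacing change. As a result every line of the file is rewritten, although the nine references appear to be the same set as before. The later sections on this page (CVE-2002-0117, CVE-2002-0765, CVE-2002-0842 and the rest) are shuffled the same way. Emitting references in a stable order, for example sorted by `refsource` then `name`, and landing the spacing normalisation in a separate commit would confine a sync diff to records whose content changed. As it stands, a substantive edit such as the `ASSIGNER` change from `cve@mitre.org` to `secalert@redhat.com` in the CVE-2009-0030 section is easy to miss among 3767 rewritten lines.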


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0117", "ID": "CVE-2002-0117",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/249031" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag."
{ }
"name" : "http://www.yabbforum.com/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.yabbforum.com/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3828", "description": [
"refsource" : "BID", {
"url" : "http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2019", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/2019" ]
}, },
{ "references": {
"name" : "yabb-encoded-css(7840)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7840.php" "name": "20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]",
} "refsource": "BUGTRAQ",
] "url": "http://online.securityfocus.com/archive/1/249031"
} },
{
"name": "http://www.yabbforum.com/",
"refsource": "CONFIRM",
"url": "http://www.yabbforum.com/"
},
{
"name": "yabb-encoded-css(7840)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7840.php"
},
{
"name": "3828",
"refsource": "BID",
"url": "http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828"
},
{
"name": "2019",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2019"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0765", "ID": "CVE-2002-0765",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020527 OpenSSH 3.2.3 released (fwd)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html" "lang": "eng",
}, "value": "sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password."
{ }
"name" : "20020522 004: SECURITY FIX: May 22, 2002", ]
"refsource" : "OPENBSD", },
"url" : "http://www.openbsd.org/errata.html#sshbsdauth" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4803", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4803" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "bsd-sshd-authentication-error(9215)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9215.php" ]
}, },
{ "references": {
"name" : "5113", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5113" "name": "20020527 OpenSSH 3.2.3 released (fwd)",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html"
} },
{
"name": "bsd-sshd-authentication-error(9215)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9215.php"
},
{
"name": "20020522 004: SECURITY FIX: May 22, 2002",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata.html#sshbsdauth"
},
{
"name": "5113",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5113"
},
{
"name": "4803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4803"
}
]
}
} }


@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0842", "ID": "CVE-2002-0842",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a \"502 Bad Gateway\" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104549708626309&w=2" "lang": "eng",
}, "value": "Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a \"502 Bad Gateway\" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror()."
{ }
"name" : "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)", ]
"refsource" : "NTBUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=104549708626309&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)", "description": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.nextgenss.com/advisories/ora-appservfmtst.txt", ]
"refsource" : "MISC", }
"url" : "http://www.nextgenss.com/advisories/ora-appservfmtst.txt" ]
}, },
{ "references": {
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf" "name": "CA-2003-05",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2003-05.html"
"name" : "CA-2003-05", },
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2003-05.html" "name": "N-046",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
"name" : "VU#849993", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/849993" "name": "http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf"
"name" : "N-046", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/n-046.shtml" "name": "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)",
}, "refsource": "NTBUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=104549708626309&w=2"
"name" : "20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104559446010858&w=2" "name": "VU#849993",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/849993"
"name" : "20030218 Re: CSSA-2003-007.0 Advisory withdrawn.", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104560577227981&w=2" "name": "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)",
}, "refsource": "VULNWATCH",
{ "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html"
"name" : "oracle-appserver-davpublic-dos(11330)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/11330.php" "name": "oracle-appserver-davpublic-dos(11330)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/11330.php"
"name" : "6846", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6846" "name": "6846",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/6846"
} },
{
"name": "20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104549708626309&w=2"
},
{
"name": "20030218 Re: CSSA-2003-007.0 Advisory withdrawn.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104560577227981&w=2"
},
{
"name": "20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104559446010858&w=2"
},
{
"name": "http://www.nextgenss.com/advisories/ora-appservfmtst.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora-appservfmtst.txt"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0945", "ID": "CVE-2002-0945",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020608 SeaNox Devwex - Denial of Service and Directory traversal", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html" "lang": "eng",
}, "value": "Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request."
{ }
"name" : "http://www.seanox.de/projects.devwex.php", ]
"refsource" : "CONFIRM", },
"url" : "http://www.seanox.de/projects.devwex.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "devwex-get-bo(9298)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9298.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4979", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4979" ]
}, },
{ "references": {
"name" : "5047", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5047" "name": "devwex-get-bo(9298)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/9298.php"
} },
{
"name": "5047",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5047"
},
{
"name": "20020608 SeaNox Devwex - Denial of Service and Directory traversal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html"
},
{
"name": "http://www.seanox.de/projects.devwex.php",
"refsource": "CONFIRM",
"url": "http://www.seanox.de/projects.devwex.php"
},
{
"name": "4979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4979"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1499", "ID": "CVE-2002-1499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020831 FactoSystem CMS Contains Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/290021" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp."
{ }
"name" : "20020830 FactoSystem CMS Contains Multiple Vulnerabilities", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668", "description": [
"refsource" : "MISC", {
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "factosystem-asp-sql-injection(10000)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/10000.php" ]
}, },
{ "references": {
"name" : "5600", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5600" "name": "factosystem-asp-sql-injection(10000)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/10000.php"
} },
{
"name": "5600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5600"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668",
"refsource": "MISC",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668"
},
{
"name": "20020830 FactoSystem CMS Contains Multiple Vulnerabilities",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html"
},
{
"name": "20020831 FactoSystem CMS Contains Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/290021"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2001", "ID": "CVE-2002-2001",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MDKSA-2002:008", "description_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2002:008" "lang": "eng",
}, "value": "jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack."
{ }
"name" : "3940", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3940" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "linux-jmcce-tmp-symlink(7980)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7980.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "3940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3940"
},
{
"name": "linux-jmcce-tmp-symlink(7980)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7980.php"
},
{
"name": "MDKSA-2002:008",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:008"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0038", "ID": "CVE-2005-0038",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en" "lang": "eng",
}, "value": "The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop."
{ }
"name" : "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html", ]
"refsource" : "MISC", },
"url" : "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "13729", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13729" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25291", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/25291" ]
} },
] "references": {
} "reference_data": [
{
"name": "13729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13729"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en"
},
{
"name": "25291",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25291"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0785", "ID": "CVE-2005-0785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050313 YaBB2 rc1 XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111083400601759&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter."
{ }
"name" : "12756", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/12756" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1013420", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013420" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "yabb-usersrecentposts-xss(19671)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19671" ]
} },
] "references": {
} "reference_data": [
{
"name": "1013420",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013420"
},
{
"name": "20050313 YaBB2 rc1 XSS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111083400601759&w=2"
},
{
"name": "yabb-usersrecentposts-xss(19671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19671"
},
{
"name": "12756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12756"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1210", "ID": "CVE-2005-1210",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1831", "ID": "CVE-2005-1831",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating \"Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050531 [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111755694008928&w=2" "lang": "eng",
}, "value": "** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating \"Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.\""
{ }
"name" : "20050531 RE: [securitysuse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20050531 Re: [securitysuse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20417", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/20417" ]
} },
] "references": {
} "reference_data": [
{
"name": "20050531 RE: [securitysuse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-05/0359.html"
},
{
"name": "20050531 Re: [securitysuse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-05/0349.html"
},
{
"name": "20050531 [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111755694008928&w=2"
},
{
"name": "20417",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20417"
}
]
}
} }


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-0030", "ID": "CVE-2009-0030",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=480224", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=480224" "lang": "eng",
}, "value": "A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID cookie value for all sessions, which allows remote authenticated users to access other users' folder lists and configuration data in opportunistic circumstances by using the standard webmail.php interface. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3663."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=480488", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=480488" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2009:0057", "description": [
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-0057.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SR:2009:004", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" ]
}, },
{ "references": {
"name" : "33354", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33354" "name": "RHSA-2009:0057",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-0057.html"
"name" : "oval:org.mitre.oval:def:10366", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366" "name": "33611",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33611"
"name" : "1021611", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1021611" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=480488",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480488"
"name" : "33611", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33611" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=480224",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480224"
"name" : "squirrelmail-sessionid-session-hijacking(48115)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48115" "name": "oval:org.mitre.oval:def:10366",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10366"
} },
{
"name": "squirrelmail-sessionid-session-hijacking(48115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48115"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "1021611",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021611"
},
{
"name": "33354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33354"
}
]
}
} }
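Review bot: The `ASSIGNER` value in this CVE-2009-0030 record appears to change from `cve@mitre.org` to `secalert@redhat.com`, the only value change in a section that otherwise looks like colon-spacing normalisation and reference reordering, and the commit title does not mention it. Which side is old and which is new is inferred from the spacing style, because the page has lost its `+`/`-` markers. Consumers that key provenance or routing on `ASSIGNER` would see that change land inside a formatting sync; the CVE-2012-2571 section has the same pattern, with the value becoming `cert@cert.org`. Stating assigner corrections in the commit description, or committing them separately, would keep them auditable. The order of `reference_data` entries also changes in this section, so consumers should match references by `name` or `url` rather than by array position.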


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0317", "ID": "CVE-2009-0317",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/01/26/2" "lang": "eng",
}, "value": "Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=481570", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=481570" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33442", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33442" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=481570",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=481570"
},
{
"name": "33442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33442"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0597", "ID": "CVE-2009-0597",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7640", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7640" "lang": "eng",
}, "value": "SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action."
{ }
"name" : "http://forum.w3bcms.de/viewtopic.php?f=5&t=256", ]
"refsource" : "MISC", },
"url" : "http://forum.w3bcms.de/viewtopic.php?f=5&t=256" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33082", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33082" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51108", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/51108" ]
}, },
{ "references": {
"name" : "33364", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33364" "name": "33364",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/33364"
} },
{
"name": "33082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33082"
},
{
"name": "http://forum.w3bcms.de/viewtopic.php?f=5&t=256",
"refsource": "MISC",
"url": "http://forum.w3bcms.de/viewtopic.php?f=5&t=256"
},
{
"name": "51108",
"refsource": "OSVDB",
"url": "http://osvdb.org/51108"
},
{
"name": "7640",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7640"
}
]
}
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0825", "ID": "CVE-2009-0825",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090306 [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/501547/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "http://en.securitylab.ru/lab/PT-2009-13", ]
"refsource" : "MISC", },
"url" : "http://en.securitylab.ru/lab/PT-2009-13" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/project/showfiles.php?group_id=133415", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/showfiles.php?group_id=133415" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540", ]
"refsource" : "CONFIRM", }
"url" : "http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540" ]
}, },
{ "references": {
"name" : "34021", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34021" "name": "http://sourceforge.net/project/showfiles.php?group_id=133415",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/showfiles.php?group_id=133415"
"name" : "34178", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34178" "name": "20090306 [Positive Technologies SA:2009-13] TinX CMS 3.x SQL Injection Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/501547/100/0/threaded"
"name" : "tinxcms-rss-sql-injection(49115)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49115" "name": "34021",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/34021"
} },
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540"
},
{
"name": "http://en.securitylab.ru/lab/PT-2009-13",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2009-13"
},
{
"name": "tinxcms-rss-sql-injection(49115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49115"
},
{
"name": "34178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34178"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0853", "ID": "CVE-2009-0853",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090305 CelerBB 0.0.2 Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/501481/100/0/threaded" "lang": "eng",
}, "value": "login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows remote attackers to bypass authentication and obtain administrative access via special characters in the Username parameter, as demonstrated by an admin'# parameter value."
{ }
"name" : "8161", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/8161" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34014", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34014" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "34014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34014"
},
{
"name": "8161",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8161"
},
{
"name": "20090305 CelerBB 0.0.2 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501481/100/0/threaded"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1774", "ID": "CVE-2009-1774",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8681", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8681" "lang": "eng",
}, "value": "Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "34971", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34971" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28330", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28330" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "strawberry-index-file-include(50562)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50562" ]
} },
] "references": {
} "reference_data": [
{
"name": "8681",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8681"
},
{
"name": "strawberry-index-file-include(50562)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50562"
},
{
"name": "34971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34971"
},
{
"name": "28330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28330"
}
]
}
} }


@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1882", "ID": "CVE-2009-1882",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20101027 rPSA-2010-0074-1 ImageMagick", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/514516/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information."
{ }
"name" : "[oss-security] 20090608 Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage()", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2009/06/08/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://imagemagick.org/script/changelog.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://imagemagick.org/script/changelog.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html", ]
"refsource" : "CONFIRM", }
"url" : "http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html" ]
}, },
{ "references": {
"name" : "http://wiki.rpath.com/Advisories:rPSA-2010-0074", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/Advisories:rPSA-2010-0074" "name": "54729",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/54729"
"name" : "DSA-1858", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1858" "name": "http://wiki.rpath.com/Advisories:rPSA-2010-0074",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/Advisories:rPSA-2010-0074"
"name" : "FEDORA-2010-0001", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033833.html" "name": "GLSA-201311-10",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201311-10.xml"
"name" : "FEDORA-2010-0036", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033766.html" "name": "37959",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37959"
"name" : "GLSA-201311-10", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201311-10.xml" "name": "[oss-security] 20090608 Re: CVE Request -- ImageMagick -- Integer overflow in XMakeImage()",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/06/08/1"
"name" : "SUSE-SR:2009:012", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" "name": "USN-784-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/784-1/"
"name" : "USN-784-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/784-1/" "name": "20101027 rPSA-2010-0074-1 ImageMagick",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/514516/100/0/threaded"
"name" : "35111", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35111" "name": "35382",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35382"
"name" : "54729", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/54729" "name": "FEDORA-2010-0001",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033833.html"
"name" : "35216", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35216" "name": "55721",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55721"
"name" : "35382", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35382" "name": "http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html",
}, "refsource": "CONFIRM",
{ "url": "http://mirror1.smudge-it.co.uk/imagemagick/www/changelog.html"
"name" : "35685", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35685" "name": "35111",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/35111"
"name" : "36260", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36260" "name": "http://imagemagick.org/script/changelog.php",
}, "refsource": "CONFIRM",
{ "url": "http://imagemagick.org/script/changelog.php"
"name" : "37959", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37959" "name": "35685",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35685"
"name" : "55721", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55721" "name": "35216",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35216"
"name" : "ADV-2009-1449", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1449" "name": "DSA-1858",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2009/dsa-1858"
} },
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "ADV-2009-1449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1449"
},
{
"name": "FEDORA-2010-0036",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-January/033766.html"
},
{
"name": "36260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36260"
}
]
}
} }


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2404", "ID": "CVE-2012-2404",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php" "lang": "eng",
}, "value": "wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors."
{ }
"name" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/", ]
"refsource" : "CONFIRM", },
"url" : "http://wordpress.org/news/2012/04/wordpress-3-3-2/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2470", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2470" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53192", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/53192" ]
}, },
{ "references": {
"name" : "81464", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/81464" "name": "81464",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/81464"
"name" : "49138", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49138" "name": "49138",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49138"
"name" : "48957", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48957" "name": "48957",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48957"
"name" : "wordpress-wpredirect-xss(75092)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75092" "name": "wordpress-wpcommentspostphp-xss(75202)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75202"
"name" : "wordpress-wpcommentspostphp-xss(75202)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75202" "name": "DSA-2470",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2012/dsa-2470"
} },
{
"name": "53192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53192"
},
{
"name": "http://wordpress.org/news/2012/04/wordpress-3-3-2/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2012/04/wordpress-3-3-2/"
},
{
"name": "wordpress-wpredirect-xss(75092)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75092"
},
{
"name": "http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php",
"refsource": "CONFIRM",
"url": "http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-2571", "ID": "CVE-2012-2571",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20366", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/20366/" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV=\"CONTENT-TYPE\" META element."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20366",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20366/"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2918", "ID": "CVE-2012-2918",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter."
{ }
"name" : "53448", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/53448" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "chevereto-index-xss(75476)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75476" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "53448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53448"
},
{
"name": "chevereto-index-xss(75476)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75476"
},
{
"name": "http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html"
}
]
}
} }
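Review bot: The `reference_data` array on the new side holds the same three entries as the old side in a different order, so the whole array shows as changed although no reference was added or removed. Array order is significant in JSON, so any consumer that hashes, signs or diffs these records sees a change with no content behind it. No single sort key is apparent across the commit; the new order in the CVE-2012-3158 section, for example, is not sorted by `name`, `refsource` or `url`. Either keep the existing order or have the exporter sort on a documented key such as `refsource` then `name`. The same reordering appears in the sections for CVE-2012-3158, CVE-2012-3479, CVE-2012-4350, CVE-2012-6447 and CVE-2015-5880.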


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-2991", "ID": "CVE-2012-2991",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#459446", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/459446" "lang": "eng",
}, "value": "The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting the recipient to one's self."
{ }
"name" : "50640", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/50640" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#459446",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/459446"
},
{
"name": "50640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50640"
}
]
}
} }
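Review bot: The new side sets `"ASSIGNER": "cert@cert.org"` where the old side had `"ASSIGNER": "cve@mitre.org"`, which changes the record's provenance field in a section that otherwise only changes separator whitespace. The commit message does not mention it, so the change is easy to miss among the formatting noise. Anything that attributes or filters records by assigner will move these entries to a different owner after this sync. The assigner updates should go in their own commit, or at least be named in the message. The same kind of change appears in the sections for CVE-2012-3151 and CVE-2012-3158 (`secalert_us@oracle.com`), CVE-2012-3479 and CVE-2012-4546 (`secalert@redhat.com`), and CVE-2015-5880 (`product-security@apple.com`).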


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-3151", "ID": "CVE-2012-3151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Unix and Linux platforms, allows local users to affect integrity and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Unix and Linux platforms, allows local users to affect integrity and availability via unknown vectors."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-3158", "ID": "CVE-2012-3158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol."
{ }
"name" : "DSA-2581", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2012/dsa-2581" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201308-06", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" ]
}, },
{ "references": {
"name" : "MDVSA-2013:102", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" "name": "51177",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51177"
"name" : "RHSA-2012:1462", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1462.html" "name": "RHSA-2012:1462",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
"name" : "USN-1621-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1621-1" "name": "MDVSA-2013:102",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102"
"name" : "51309", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51309" "name": "53372",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/53372"
"name" : "51177", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51177" "name": "GLSA-201308-06",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
"name" : "53372", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53372" "name": "DSA-2581",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2581"
"name" : "mysqlserver-protocol-cve20123158(79382)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79382" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
} },
{
"name": "51309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51309"
},
{
"name": "mysqlserver-protocol-cve20123158(79382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79382"
},
{
"name": "USN-1621-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1621-1"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }


@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3479", "ID": "CVE-2012-3479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120812 Re: Security flaw in GNU Emacs file-local variables", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/08/13/2" "lang": "eng",
}, "value": "lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file."
{ }
"name" : "[oss-security] 20120813 Security flaw in GNU Emacs file-local variables", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/08/13/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155", "description": [
"refsource" : "CONFIRM", {
"url" : "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2603", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2603" ]
}, },
{ "references": {
"name" : "MDVSA-2013:076", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:076" "name": "SSA:2012-228-02",
}, "refsource": "SLACKWARE",
{ "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.420006"
"name" : "SSA:2012-228-02", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.420006" "name": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155",
}, "refsource": "CONFIRM",
{ "url": "http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155"
"name" : "openSUSE-SU-2012:1348", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00057.html" "name": "openSUSE-SU-2012:1348",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00057.html"
"name" : "USN-1586-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1586-1" "name": "50801",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50801"
"name" : "54969", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54969" "name": "[oss-security] 20120812 Re: Security flaw in GNU Emacs file-local variables",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/08/13/2"
"name" : "1027375", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027375" "name": "USN-1586-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1586-1"
"name" : "50157", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50157" "name": "54969",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/54969"
"name" : "50801", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50801" "name": "1027375",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1027375"
} },
{
"name": "[oss-security] 20120813 Security flaw in GNU Emacs file-local variables",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/13/1"
},
{
"name": "50157",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50157"
},
{
"name": "MDVSA-2013:076",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:076"
},
{
"name": "DSA-2603",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2603"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4047", "ID": "CVE-2012-4047",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4350", "ID": "CVE-2012-4350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00" "lang": "eng",
}, "value": "Multiple unquoted Windows search path vulnerabilities in the (1) Manager and (2) Agent components in Symantec Enterprise Security Manager (ESM) before 11.0 allow local users to gain privileges via unspecified vectors."
{ }
"name" : "56915", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/56915" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1027874", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027874" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1027874",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027874"
},
{
"name": "56915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56915"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121213_00"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4546", "ID": "CVE-2012-4546",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "RHSA-2013:0528", "description_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0528.html" "lang": "eng",
} "value": "The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0528",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0528.html"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6227", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-6227",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }
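Review bot: The new side of this REJECT record uses a different key order from the rest of the commit: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`. The other records, including the RESERVED entry for CVE-2012-4047, keep `CVE_data_meta` first with `ASSIGNER` leading. Key order carries no meaning for a conforming JSON parser, but two layouts in one sync suggest two serializers, presumably one per record state, and they make later diffs noisier. A single canonical key order in the exporter would fix this. The CVE-2012-6243 section has the same layout.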


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6243", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-6243",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6447", "ID": "CVE-2012-6447",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.splunk.com/view/SP-CAAAHXG#59895", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.splunk.com/view/SP-CAAAHXG#59895" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "93745", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/93745" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1028605", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1028605" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53623", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/53623" ]
}, },
{ "references": {
"name" : "splunk-cve20126447-xss(84638)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84638" "name": "splunk-cve20126447-xss(84638)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84638"
} },
{
"name": "53623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53623"
},
{
"name": "93745",
"refsource": "OSVDB",
"url": "http://osvdb.org/93745"
},
{
"name": "http://www.splunk.com/view/SP-CAAAHXG#59895",
"refsource": "CONFIRM",
"url": "http://www.splunk.com/view/SP-CAAAHXG#59895"
},
{
"name": "1028605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028605"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5880", "ID": "CVE-2015-5880",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205212", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205212" "lang": "eng",
}, "value": "CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app."
{ }
"name" : "APPLE-SA-2015-09-16-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "76764", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76764" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1033609", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1033609" ]
} },
] "references": {
} "reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"ID" : "CVE-2017-2334", "ID": "CVE-2017-2334",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NorthStar Controller Application", "product_name": "NorthStar Controller Application",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to version 2.1.0 Service Pack 1" "version_value": "prior to version 2.1.0 Service Pack 1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "information leak"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.juniper.net/JSA10783", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.juniper.net/JSA10783" "lang": "eng",
}, "value": "An information leak vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to perform a man-in-the-middle attack, thereby stealing authentic credentials from encrypted paths which are easily decrypted, and subsequently gain complete control of the system."
{ }
"name" : "97616", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97616" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97616"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "anemec@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-2579", "ID": "CVE-2017-2579",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "netpbm", "product_name": "netpbm",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10.61" "version_value": "10.61"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Netpbm" "vendor_name": "Netpbm"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579" "lang": "eng",
}, "value": "An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution."
{ }
"name" : "96714", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96714" "impact": {
} "cvss": [
] [
} {
"vectorString": "3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2579"
},
{
"name": "96714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96714"
}
]
}
} }
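Review bot: The `vectorString` under `impact.cvss` has the base score prepended to the vector (`3.3/CVSS:3.0/AV:L/...`), so it is not a well-formed CVSS v3.0 vector, which begins with `CVSS:3.0/`. A consumer that parses or rescores the field has to reject it or special-case the prefix. I would store `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"` and carry 3.3 in a separate score field, with the field name checked against the schema. Both vectors of the CVE-2017-2591 record in the next section have the same prefix. Separately, `version_value` is `10.61` while the description says "before 10.61", so version matching on this record would apparently flag the fixed release and miss the affected ones; CVE-2017-2591 (`389-ds-base 1.3.6` against "before version 1.3.6") has the same mismatch.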


@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-2591", "ID": "CVE-2017-2591",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "389-ds-base", "product_name": "389-ds-base",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "389-ds-base 1.3.6" "version_value": "389-ds-base 1.3.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "" "vendor_name": ""
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
],
[
{
"vectorString" : "2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-122"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591" "lang": "eng",
}, "value": "389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the \"attribute uniqueness\" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service."
{ }
"name" : "https://pagure.io/389-ds-base/issue/48986", ]
"refsource" : "CONFIRM", },
"url" : "https://pagure.io/389-ds-base/issue/48986" "impact": {
}, "cvss": [
{ [
"name" : "95670", {
"refsource" : "BID", "vectorString": "3.7/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"url" : "http://www.securityfocus.com/bid/95670" "version": "3.0"
} }
] ],
} [
{
"vectorString": "2.6/AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pagure.io/389-ds-base/issue/48986",
"refsource": "CONFIRM",
"url": "https://pagure.io/389-ds-base/issue/48986"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2591"
},
{
"name": "95670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95670"
}
]
}
} }


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-10-31T00:00:00", "DATE_PUBLIC": "2017-10-31T00:00:00",
"ID" : "CVE-2017-2889", "ID": "CVE-2017-2889",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Circle", "product_name": "Circle",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware 2.0.1" "version_value": "firmware 2.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Circle Media" "vendor_name": "Circle Media"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0396", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0396" "lang": "eng",
} "value": "An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0396",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0396"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-2936", "ID": "CVE-2017-2936",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Flash Player 24.0.0.186 and earlier.", "product_name": "Adobe Flash Player 24.0.0.186 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Flash Player 24.0.0.186 and earlier." "version_value": "Adobe Flash Player 24.0.0.186 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html" "lang": "eng",
}, "value": "Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "GLSA-201702-20", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201702-20" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:0057", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0057.html" "lang": "eng",
}, "value": "Use After Free"
{ }
"name" : "95342", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/95342" ]
}, },
{ "references": {
"name" : "1037570", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037570" "name": "GLSA-201702-20",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201702-20"
} },
{
"name": "95342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95342"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-02.html"
},
{
"name": "RHSA-2017:0057",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0057.html"
},
{
"name": "1037570",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037570"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6009", "ID": "CVE-2017-6009",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the \"decode_ne_resource_id\" function in the \"restable.c\" source file. This is happening because the \"len\" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050" "lang": "eng",
}, "value": "An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the \"decode_ne_resource_id\" function in the \"restable.c\" source file. This is happening because the \"len\" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool."
{ }
"name" : "DSA-3807", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3807" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201801-12", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201801-12" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2017:0837", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0837.html" ]
}, },
{ "references": {
"name" : "96292", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96292" "name": "GLSA-201801-12",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201801-12"
} },
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050"
},
{
"name": "96292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96292"
},
{
"name": "RHSA-2017:0837",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0837.html"
},
{
"name": "DSA-3807",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3807"
}
]
}
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2017-08-16T00:00:00", "DATE_PUBLIC": "2017-08-16T00:00:00",
"ID" : "CVE-2017-6771", "ID": "CVE-2017-6771",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Ultra Services Framework", "product_name": "Ultra Services Framework",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "21.0.v0.65839" "version_value": "21.0.v0.65839"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco Systems, Inc." "vendor_name": "Cisco Systems, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20170816 Cisco Ultra Services Framework AutoVNF Configuration Information Disclosure Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usf" "lang": "eng",
}, "value": "A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could exploit this vulnerability by browsing to a specific URL of an affected device. An exploit could allow the attacker to view sensitive configuration information about the deployment. Cisco Bug IDs: CSCvd29358. Known Affected Releases: 21.0.v0.65839."
{ }
"name" : "100385", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100385" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100385"
},
{
"name": "20170816 Cisco Ultra Services Framework AutoVNF Configuration Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-usf"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11018", "ID": "CVE-2018-11018",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/zhaoheng521/PbootCMS/blob/master/V1.0.7%20csrf", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/zhaoheng521/PbootCMS/blob/master/V1.0.7%20csrf" "lang": "eng",
} "value": "An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zhaoheng521/PbootCMS/blob/master/V1.0.7%20csrf",
"refsource": "MISC",
"url": "https://github.com/zhaoheng521/PbootCMS/blob/master/V1.0.7%20csrf"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11353", "ID": "CVE-2018-11353",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,70 +1,70 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "productcert@siemens.com", "ASSIGNER": "productcert@siemens.com",
"ID" : "CVE-2018-11455", "ID": "CVE-2018-11455",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Automation License Manager 5, Automation License Manager 6", "product_name": "Automation License Manager 5, Automation License Manager 6",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Automation License Manager 5 : All versions < 5.3.4.4" "version_value": "Automation License Manager 5 : All versions < 5.3.4.4"
}, },
{ {
"version_value" : "Automation License Manager 6 : All versions < 6.0.1" "version_value": "Automation License Manager 6 : All versions < 6.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Siemens AG" "vendor_name": "Siemens AG"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf" "lang": "eng",
}, "value": "A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required."
{ }
"name" : "105114", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105114" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105114"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11541", "ID": "CVE-2018-11541",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb" "lang": "eng",
}, "value": "A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows unauthorised access to privileged content via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140."
{ }
"name" : "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes", ]
"refsource" : "MISC", },
"url" : "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb",
"refsource": "MISC",
"url": "https://gist.github.com/CyberSKR/0134dff8f48d2e7b87227c554404bfcb"
},
{
"name": "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes",
"refsource": "MISC",
"url": "https://support.sonus.net/display/UXDOC61/SBC+Edge+6.1.6+Release+Notes"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11835", "ID": "CVE-2018-11835",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14177", "ID": "CVE-2018-14177",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14292", "ID": "CVE-2018-14292",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.1.5096" "version_value": "9.0.1.5096"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6232."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-752", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-752" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6232."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-752",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-752"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14538", "ID": "CVE-2018-14538",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-09-04T00:00:00", "DATE_PUBLIC": "2018-09-04T00:00:00",
"ID" : "CVE-2018-14807", "ID": "CVE-2018-14807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PAC Control Basic and PAC Control Professional", "product_name": "PAC Control Basic and PAC Control Professional",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions R10.0a and prior" "version_value": "Versions R10.0a and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Opto 22" "vendor_name": "Opto 22"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "STACK-BASED BUFFER OVERFLOW CWE-121"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01" "lang": "eng",
}, "value": "A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution."
{ }
"name" : "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547", ]
"refsource" : "CONFIRM", },
"url" : "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547",
"refsource": "CONFIRM",
"url": "https://www.opto22.com/support/resources-tools/knowledgebase/kb87547"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15001", "ID": "CVE-2018-15001",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status bar, so it is not completely transparent to the user. The user can cancel the logging, but it can be re-enabled since the app with a package name of com.vivo.bsptest cannot be disabled. The writing of these logs can be initiated by an app co-located on the device, although the READ_EXTERNAL_STORAGE permission is necessary to for an app to access the log files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" "lang": "eng",
}, "value": "The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, versionName=1.0) containing an exported activity app component named com.vivo.bsptest.BSPTestActivity that allows any app co-located on the device to initiate the writing of the logcat log, bluetooth log, and kernel log to external storage. When logging is enabled, there is a notification in the status bar, so it is not completely transparent to the user. The user can cancel the logging, but it can be re-enabled since the app with a package name of com.vivo.bsptest cannot be disabled. The writing of these logs can be initiated by an app co-located on the device, although the READ_EXTERNAL_STORAGE permission is necessary to for an app to access the log files."
{ }
"name" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", ]
"refsource" : "MISC", },
"url" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf",
"refsource": "MISC",
"url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf"
},
{
"name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/",
"refsource": "MISC",
"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15074", "ID": "CVE-2018-15074",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15247", "ID": "CVE-2018-15247",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15585", "ID": "CVE-2018-15585",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20262", "ID": "CVE-2018-20262",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20497", "ID": "CVE-2018-20497",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8200", "ID": "CVE-2018-8200",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for 32-bit Systems" "version_value": "Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for 32-bit Systems" "version_value": "Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200" "lang": "eng",
}, "value": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204."
{ }
"name" : "105007", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105007" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041459", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041459" "lang": "eng",
} "value": "Security Feature Bypass"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "105007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105007"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8200"
},
{
"name": "1041459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041459"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8237", "ID": "CVE-2018-8237",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,169 +1,169 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8314", "ID": "CVE-2018-8314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka \"Windows Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314" "lang": "eng",
}, "value": "An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka \"Windows Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313."
{ }
"name" : "104652", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104652" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041263", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041263" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8314"
},
{
"name": "1041263",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041263"
},
{
"name": "104652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104652"
}
]
}
} }