admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:07:56 +00:00
parent dd59e15317
commit 0fd05b4bcc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
47 changed files with 3309 additions and 3309 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
2001/0xxx/CVE-2001-0093.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0093", "ID": "CVE-2001-0093",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "NetBSD-SA2000-017", "description_data": [
"refsource" : "NETBSD", {
"url" : "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc" "lang": "eng",
} "value": "Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "NetBSD-SA2000-017",
"refsource": "NETBSD",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc"
}
]
}
}

210
2001/1xxx/CVE-2001-1390.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1390", "ID": "CVE-2001-1390",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010405 Trustix Security Advisory #2001-0003 - kernel", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=98653252326445&w=2" "lang": "eng",
}, "value": "Unknown vulnerability in binfmt_misc in the Linux kernel before 2.2.19, related to user pages."
{ }
"name" : "20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=98684172109474&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IMNX-2001-70-010-01", "description": [
"refsource" : "IMMUNIX", {
"url" : "http://marc.info/?l=bugtraq&m=98575345009963&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CSSA-2001-012.0", ]
"refsource" : "CALDERA", }
"url" : "http://marc.info/?l=bugtraq&m=98637996127004&w=2" ]
}, },
{ "references": {
"name" : "MDKSA-2001:037", "reference_data": [
"refsource" : "MANDRAKE", {
"url" : "http://marc.info/?l=bugtraq&m=98759029811377&w=2" "name": "RHSA-2001:047",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2001-047.html"
"name" : "DSA-047", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2001/dsa-047" "name": "CSSA-2001-012.0",
}, "refsource": "CALDERA",
{ "url": "http://marc.info/?l=bugtraq&m=98637996127004&w=2"
"name" : "SuSE-SA:2001:18", },
"refsource" : "SUSE", {
"url" : "http://marc.info/?l=bugtraq&m=99013830726309&w=2" "name": "http://www.linux.org.uk/VERSION/relnotes.2219.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.linux.org.uk/VERSION/relnotes.2219.html"
"name" : "http://www.linux.org.uk/VERSION/relnotes.2219.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.linux.org.uk/VERSION/relnotes.2219.html" "name": "SuSE-SA:2001:18",
}, "refsource": "SUSE",
{ "url": "http://marc.info/?l=bugtraq&m=99013830726309&w=2"
"name" : "CLA-2001:394", },
"refsource" : "CONECTIVA", {
"url" : "http://marc.info/?l=bugtraq&m=98775114228203&w=2" "name": "DSA-047",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2001/dsa-047"
"name" : "RHSA-2001:047", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2001-047.html" "name": "MDKSA-2001:037",
} "refsource": "MANDRAKE",
] "url": "http://marc.info/?l=bugtraq&m=98759029811377&w=2"
} },
} {
"name": "20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=98684172109474&w=2"
},
{
"name": "IMNX-2001-70-010-01",
"refsource": "IMMUNIX",
"url": "http://marc.info/?l=bugtraq&m=98575345009963&w=2"
},
{
"name": "CLA-2001:394",
"refsource": "CONECTIVA",
"url": "http://marc.info/?l=bugtraq&m=98775114228203&w=2"
},
{
"name": "20010405 Trustix Security Advisory #2001-0003 - kernel",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=98653252326445&w=2"
}
]
}
}

140
2001/1xxx/CVE-2001-1537.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1537", "ID": "CVE-2001-1537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default \"basic\" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011128 TWIG default configurations may lead to insecure auth-cookie password storage", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html" "lang": "eng",
}, "value": "The default \"basic\" security setting' in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges."
{ }
"name" : "3591", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3591" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "twig-password-plaintext-cookie(7619)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7619.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20011128 TWIG default configurations may lead to insecure auth-cookie password storage",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html"
},
{
"name": "3591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3591"
},
{
"name": "twig-password-plaintext-cookie(7619)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7619.php"
}
]
}
}

120
2006/2xxx/CVE-2006-2463.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2463", "ID": "CVE-2006-2463",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1016085", "description_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016085" "lang": "eng",
} "value": "view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016085",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016085"
}
]
}
}

150
2006/2xxx/CVE-2006-2511.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2511", "ID": "CVE-2006-2511",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the \"Open With...\" dialog."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060516 FrontRange iHeat Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434400/100/0/threaded" "lang": "eng",
}, "value": "The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the \"Open With...\" dialog."
{ }
"name" : "1016124", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1016124" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20165", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20165" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "frontrange-iheat-unauth-access(26711)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26711" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1016124",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016124"
},
{
"name": "frontrange-iheat-unauth-access(26711)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26711"
},
{
"name": "20165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20165"
},
{
"name": "20060516 FrontRange iHeat Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434400/100/0/threaded"
}
]
}
}

140
2006/2xxx/CVE-2006-2720.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2720", "ID": "CVE-2006-2720",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060528 VARIOMAT(advanced cms tool)SQL injection/XSS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435290/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter."
{ }
"name" : "999", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/999" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "variomat-news-sql-injection(26872)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26872" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "999",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/999"
},
{
"name": "variomat-news-sql-injection(26872)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26872"
},
{
"name": "20060528 VARIOMAT(advanced cms tool)SQL injection/XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435290/100/0/threaded"
}
]
}
}

130
2006/2xxx/CVE-2006-2722.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2722", "ID": "CVE-2006-2722",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18196", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18196" "lang": "eng",
}, "value": "SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources."
{ }
"name" : "selectapix-multiple-scripts-sql0injection(27013)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27013" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18196"
},
{
"name": "selectapix-multiple-scripts-sql0injection(27013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27013"
}
]
}
}

160
2006/2xxx/CVE-2006-2965.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2965", "ID": "CVE-2006-2965",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the \"input box.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060606 ParticleSoft Whois v1.0.3", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/436113/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the \"input box.\""
{ }
"name" : "ADV-2006-2168", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/2168" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20490", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20490" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1071", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/1071" ]
}, },
{ "references": {
"name" : "particlewhois-index-xss(26954)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26954" "name": "20060606 ParticleSoft Whois v1.0.3",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/436113/100/0/threaded"
} },
} {
"name": "particlewhois-index-xss(26954)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26954"
},
{
"name": "1071",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1071"
},
{
"name": "ADV-2006-2168",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2168"
},
{
"name": "20490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20490"
}
]
}
}

150
2008/5xxx/CVE-2008-5197.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5197", "ID": "CVE-2008-5197",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5961", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5961" "lang": "eng",
}, "value": "SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action."
{ }
"name" : "29995", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29995" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4640", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4640" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "classifieds-classifieds-sql-injection(43561)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43561" ]
} },
] "references": {
} "reference_data": [
} {
"name": "4640",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4640"
},
{
"name": "29995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29995"
},
{
"name": "classifieds-classifieds-sql-injection(43561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43561"
},
{
"name": "5961",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5961"
}
]
}
}

160
2011/2xxx/CVE-2011-2434.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-2434", "ID": "CVE-2011-2434",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-24.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437."
{ }
"name" : "SUSE-SA:2011:044", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2011:1239", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2011:1238", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:13217", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13217" "name": "http://www.adobe.com/support/security/bulletins/apsb11-24.html",
} "refsource": "CONFIRM",
] "url": "http://www.adobe.com/support/security/bulletins/apsb11-24.html"
} },
} {
"name": "oval:org.mitre.oval:def:13217",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13217"
},
{
"name": "SUSE-SU-2011:1239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html"
},
{
"name": "SUSE-SA:2011:044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html"
},
{
"name": "openSUSE-SU-2011:1238",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html"
}
]
}
}

160
2011/2xxx/CVE-2011-2521.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2521", "ID": "CVE-2011-2521",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110706 Re: CVE request: kernel: perf, x86: fix Intel fixed counters base initialization", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/07/06/4" "lang": "eng",
}, "value": "The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program."
{ }
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", ]
"refsource" : "CONFIRM", },
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc66c5210ec2539e800e87d7b3a985323c7be96e", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc66c5210ec2539e800e87d7b3a985323c7be96e" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=719228", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=719228" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e" "name": "https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e",
} "refsource": "CONFIRM",
] "url": "https://github.com/torvalds/linux/commit/fc66c5210ec2539e800e87d7b3a985323c7be96e"
} },
} {
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc66c5210ec2539e800e87d7b3a985323c7be96e",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc66c5210ec2539e800e87d7b3a985323c7be96e"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
},
{
"name": "[oss-security] 20110706 Re: CVE request: kernel: perf, x86: fix Intel fixed counters base initialization",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/07/06/4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=719228",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=719228"
}
]
}
}

210
2011/2xxx/CVE-2011-2689.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2689", "ID": "CVE-2011-2689",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110713 CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/07/13/1" "lang": "eng",
}, "value": "The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6905d9e4dda6112f007e9090bca80507da158e63", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6905d9e4dda6112f007e9090bca80507da158e63" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc1", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=720861", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=720861" ]
}, },
{ "references": {
"name" : "HPSBGN02970", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2" "name": "[oss-security] 20110713 CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/07/13/1"
"name" : "RHSA-2011:1065", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2011-1065.html" "name": "RHSA-2011:1065",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2011-1065.html"
"name" : "48677", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48677" "name": "linux-kernel-gfs2-dos(68557)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68557"
"name" : "1025776", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025776" "name": "1025776",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1025776"
"name" : "45193", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45193" "name": "48677",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/48677"
"name" : "linux-kernel-gfs2-dos(68557)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68557" "name": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc1",
} "refsource": "CONFIRM",
] "url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc1"
} },
} {
"name": "45193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45193"
},
{
"name": "HPSBGN02970",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6905d9e4dda6112f007e9090bca80507da158e63",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6905d9e4dda6112f007e9090bca80507da158e63"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=720861",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=720861"
}
]
}
}

350
2011/2xxx/CVE-2011-2749.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2749", "ID": "CVE-2011-2749",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html" "lang": "eng",
}, "value": "The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet."
{ }
"name" : "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.isc.org/software/dhcp/advisories/cve-2011-2748", ]
"refsource" : "CONFIRM", }
"url" : "http://www.isc.org/software/dhcp/advisories/cve-2011-2748" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff" "name": "USN-1190-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1190-1"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=729382", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=729382" "name": "FEDORA-2011-10705",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html"
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", },
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761" "name": "45595",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45595"
"name" : "DSA-2292", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2292" "name": "openSUSE-SU-2011:1021",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html"
"name" : "FEDORA-2011-10705", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html" "name": "DSA-2292",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2011/dsa-2292"
"name" : "GLSA-201301-06", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201301-06.xml" "name": "RHSA-2011:1160",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-1160.html"
"name" : "MDVSA-2011:128", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128" "name": "1025918",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1025918"
"name" : "RHSA-2011:1160", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1160.html" "name": "45817",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45817"
"name" : "SUSE-SU-2011:1023", },
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/11695711" "name": "49120",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/49120"
"name" : "openSUSE-SU-2011:1021", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html" "name": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.isc.org/files/release-notes/DHCP%204.1-ESV-R3.html"
"name" : "USN-1190-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1190-1" "name": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.isc.org/files/release-notes/DHCP%203.1-ESV-R3_0.html"
"name" : "49120", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49120" "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761",
}, "refsource": "CONFIRM",
{ "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"
"name" : "1025918", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025918" "name": "45582",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45582"
"name" : "45582", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45582" "name": "https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/attachment.cgi?id=517665&action=diff"
"name" : "45595", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45595" "name": "45918",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45918"
"name" : "45629", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45629" "name": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748",
}, "refsource": "CONFIRM",
{ "url": "http://www.isc.org/software/dhcp/advisories/cve-2011-2748"
"name" : "45639", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45639" "name": "GLSA-201301-06",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml"
"name" : "45817", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45817" "name": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.isc.org/files/release-notes/DHCP%204.2.2_0.html"
"name" : "45918", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45918" "name": "45639",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45639"
"name" : "46780", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46780" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=729382",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=729382"
} },
} {
"name": "45629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45629"
},
{
"name": "SUSE-SU-2011:1023",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/11695711"
},
{
"name": "MDVSA-2011:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:128"
},
{
"name": "46780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46780"
}
]
}
}

280
2011/3xxx/CVE-2011-3044.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3044", "ID": "CVE-2011-3044",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=116093", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=116093" "lang": "eng",
}, "value": "Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5400", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5485" ]
}, },
{ "references": {
"name" : "http://support.apple.com/kb/HT5503", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-07-25-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" "name": "APPLE-SA-2012-09-19-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
"name" : "APPLE-SA-2012-09-12-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "http://support.apple.com/kb/HT5503",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5503"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "http://code.google.com/p/chromium/issues/detail?id=116093",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=116093"
"name" : "GLSA-201203-19", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201203-19.xml" "name": "oval:org.mitre.oval:def:14830",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14830"
"name" : "openSUSE-SU-2012:0374", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html" "name": "1026759",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026759"
"name" : "52271", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52271" "name": "48527",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48527"
"name" : "oval:org.mitre.oval:def:14830", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14830" "name": "48265",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48265"
"name" : "1026759", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026759" "name": "48419",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48419"
"name" : "48527", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48527" "name": "openSUSE-SU-2012:0374",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00012.html"
"name" : "48419", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48419" "name": "APPLE-SA-2012-09-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
"name" : "48265", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48265" "name": "APPLE-SA-2012-07-25-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
"name" : "google-svg-animation-code-exec(73655)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73655" "name": "52271",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/52271"
} },
} {
"name": "GLSA-201203-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-19.xml"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
},
{
"name": "google-svg-animation-code-exec(73655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73655"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html"
}
]
}
}

180
2011/3xxx/CVE-2011-3097.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3097", "ID": "CVE-2011-3097",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=123733", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=123733" "lang": "eng",
}, "value": "The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions."
{ }
"name" : "http://code.google.com/p/chromium/issues/detail?id=124182", ]
"refsource" : "CONFIRM", },
"url" : "http://code.google.com/p/chromium/issues/detail?id=124182" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53540", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/53540" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:15422", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15422" "name": "oval:org.mitre.oval:def:15422",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15422"
"name" : "1027067", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027067" "name": "http://code.google.com/p/chromium/issues/detail?id=123733",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/chromium/issues/detail?id=123733"
"name" : "chrome-sampled-functions-code-exec(75602)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75602" "name": "1027067",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1027067"
} },
} {
"name": "chrome-sampled-functions-code-exec(75602)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75602"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html"
},
{
"name": "53540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53540"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=124182",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=124182"
}
]
}
}

140
2011/4xxx/CVE-2011-4167.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2011-4167", "ID": "CVE-2011-4167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-11-353/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-11-353/" "lang": "eng",
}, "value": "Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing Administration before 2.6.4 allows remote attackers to execute arbitrary code via a long filename parameter in an uploadfile action to Default.asp."
{ }
"name" : "HPSBPI02732", ]
"refsource" : "HP", },
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT100435", "description": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "HPSBPI02732",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469"
},
{
"name": "SSRT100435",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03128469"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-353/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-353/"
}
]
}
}

130
2011/4xxx/CVE-2011-4726.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4726", "ID": "CVE-2011-4726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/health/ and certain other files."
{ }
"name" : "plesk-server-xss(72333)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72333" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "plesk-server-xss(72333)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72333"
},
{
"name": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html",
"refsource": "MISC",
"url": "http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html"
}
]
}
}

130
2013/0xxx/CVE-2013-0358.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-0358", "ID": "CVE-2013-0358",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

130
2013/0xxx/CVE-2013-0475.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-0475", "ID": "CVE-2013-0475",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0567."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" "lang": "eng",
}, "value": "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-2987, CVE-2013-3020, CVE-2013-0568, and CVE-2013-0567."
{ }
"name" : "sterling-b2b-cve20130475-infodisc(81403)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81403" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sterling-b2b-cve20130475-infodisc(81403)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81403"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830"
}
]
}
}

170
2013/0xxx/CVE-2013-0722.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-0722", "ID": "CVE-2013-0722",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "23945", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/23945/" "lang": "eng",
}, "value": "Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line."
{ }
"name" : "http://www.securation.com/files/2013/01/ec.patch", ]
"refsource" : "MISC", },
"url" : "http://www.securation.com/files/2013/01/ec.patch" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=451198", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=451198" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=894092", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=894092" ]
}, },
{ "references": {
"name" : "57175", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57175" "name": "http://www.securation.com/files/2013/01/ec.patch",
}, "refsource": "MISC",
{ "url": "http://www.securation.com/files/2013/01/ec.patch"
"name" : "51731", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51731" "name": "23945",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/23945/"
} },
} {
"name": "51731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51731"
},
{
"name": "57175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57175"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=451198",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=451198"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=894092",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=894092"
}
]
}
}

180
2013/1xxx/CVE-2013-1043.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-1043", "ID": "CVE-2013-1043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5934", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5934" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2."
{ }
"name" : "http://support.apple.com/kb/HT6001", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT6001" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2013-09-18-2", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2013-10-22-2", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2013-10-22-8", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" "name": "APPLE-SA-2013-10-22-8",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
"name" : "1029054", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029054" "name": "1029054",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029054"
"name" : "54886", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54886" "name": "http://support.apple.com/kb/HT6001",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT6001"
} },
} {
"name": "APPLE-SA-2013-10-22-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

150
2013/1xxx/CVE-2013-1332.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-1332", "ID": "CVE-2013-1332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka \"DirectX Graphics Kernel Subsystem Double Fetch Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-046", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-046" "lang": "eng",
}, "value": "dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka \"DirectX Graphics Kernel Subsystem Double Fetch Vulnerability.\""
{ }
"name" : "TA13-134A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-134A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16332", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16332" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53385", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/53385" ]
} },
] "references": {
} "reference_data": [
} {
"name": "TA13-134A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-134A"
},
{
"name": "oval:org.mitre.oval:def:16332",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16332"
},
{
"name": "MS13-046",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-046"
},
{
"name": "53385",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53385"
}
]
}
}

34
2013/1xxx/CVE-2013-1355.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-1355", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-1355",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate subsequently withdrew it. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate subsequently withdrew it. Notes: none."
} }
] ]
} }
} }

170
2013/1xxx/CVE-2013-1368.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-1368", "ID": "CVE-2013-1368",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373."
{ }
"name" : "RHSA-2013:0254", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0254.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2013:0296", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2013:0295", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:0298", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html" "name": "SUSE-SU-2013:0296",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html"
"name" : "TA13-043A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-043A.html" "name": "RHSA-2013:0254",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0254.html"
} },
} {
"name": "openSUSE-SU-2013:0295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html"
},
{
"name": "openSUSE-SU-2013:0298",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html"
},
{
"name": "TA13-043A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-05.html"
}
]
}
}

130
2013/5xxx/CVE-2013-5450.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-5450", "ID": "CVE-2013-5450",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655578", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21655578" "lang": "eng",
}, "value": "IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz authentication is enabled, allows man-in-the-middle attackers to obtain sensitive information or modify data by leveraging an improperly protected URL to obtain a session token."
{ }
"name" : "ibm-appscan-cve20135450-info-disc(88190)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88190" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-appscan-cve20135450-info-disc(88190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88190"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21655578",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21655578"
}
]
}
}

140
2013/5xxx/CVE-2013-5502.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-5502", "ID": "CVE-2013-5502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30934", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30934" "lang": "eng",
}, "value": "The web interface in Cisco MediaSense does not properly protect the client-server communication channel, which allows remote attackers to obtain sensitive query string or cookie information via unspecified vectors, aka Bug ID CSCuj23344."
{ }
"name" : "20130920 Cisco MediaSense Sensitive Data in Query String/Cookie Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5502" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97532", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/97532" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20130920 Cisco MediaSense Sensitive Data in Query String/Cookie Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5502"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30934",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30934"
},
{
"name": "97532",
"refsource": "OSVDB",
"url": "http://osvdb.org/97532"
}
]
}
}

140
2013/5xxx/CVE-2013-5932.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5932", "ID": "CVE-2013-5932",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/" "lang": "eng",
}, "value": "Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors."
{ }
"name" : "1029039", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1029039" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54881", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54881" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "54881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54881"
},
{
"name": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/",
"refsource": "CONFIRM",
"url": "http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/"
},
{
"name": "1029039",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029039"
}
]
}
}

160
2014/2xxx/CVE-2014-2034.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2034", "ID": "CVE-2014-2034",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to \"an unauthenticated execution path.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus" "lang": "eng",
}, "value": "Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to \"an unauthenticated execution path.\""
{ }
"name" : "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API", ]
"refsource" : "CONFIRM", },
"url" : "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "65956", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/65956" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "104049", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/104049" ]
}, },
{ "references": {
"name" : "57142", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57142" "name": "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus",
} "refsource": "CONFIRM",
] "url": "http://www.sonatype.org/advisories/archive/2014-03-03-Nexus"
} },
} {
"name": "104049",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/104049"
},
{
"name": "57142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57142"
},
{
"name": "65956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65956"
},
{
"name": "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API",
"refsource": "CONFIRM",
"url": "https://support.sonatype.com/entries/42374566-CVE-2014-2034-Nexus-Security-Advisory-REST-API"
}
]
}
}

120
2014/2xxx/CVE-2014-2049.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2049", "ID": "CVE-2014-2049",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://owncloud.org/about/security/advisories/oC-SA-2014-003/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://owncloud.org/about/security/advisories/oC-SA-2014-003/" "lang": "eng",
} "value": "The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2014-003/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2014-003/"
}
]
}
}

140
2014/2xxx/CVE-2014-2068.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2014-2068", "ID": "CVE-2014-2068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/02/21/2" "lang": "eng",
}, "value": "The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump."
{ }
"name" : "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14", "description": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb",
"refsource": "CONFIRM",
"url": "https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb"
},
{
"name": "[oss-security] 20140220 Re: Possible CVE Requests: several issues fixed in Jenkins (Advisory 2014-02-14)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/02/21/2"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"
}
]
}
}

150
2017/0xxx/CVE-2017-0117.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0117", "ID": "CVE-2017-0117",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows Uniscribe", "product_name": "Windows Uniscribe",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41655", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41655/" "lang": "eng",
}, "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96679", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96679" "lang": "eng",
}, "value": "Information Disclosure"
{ }
"name" : "1037992", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037992" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1037992",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037992"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0117"
},
{
"name": "41655",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41655/"
},
{
"name": "96679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96679"
}
]
}
}

34
2017/0xxx/CVE-2017-0959.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-0959", "ID": "CVE-2017-0959",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/12xxx/CVE-2017-12050.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12050", "ID": "CVE-2017-12050",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/12xxx/CVE-2017-12564.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12564", "ID": "CVE-2017-12564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/601", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/601" "lang": "eng",
}, "value": "In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service."
{ }
"name" : "100161", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100161" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100161"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/601",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/601"
}
]
}
}

130
2017/12xxx/CVE-2017-12720.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-12720", "ID": "CVE-2017-12720",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump", "product_name": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump" "version_value": "Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A" "lang": "eng",
}, "value": "An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections."
{ }
"name" : "100665", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100665" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A"
},
{
"name": "100665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100665"
}
]
}
}

132
2017/16xxx/CVE-2017-16110.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16110", "ID": "CVE-2017-16110",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "weather.swlyons node module", "product_name": "weather.swlyons node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/weather.swlyons", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/weather.swlyons" "lang": "eng",
}, "value": "weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
{ }
"name" : "https://nodesecurity.io/advisories/379", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/379" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/379",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/379"
},
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/weather.swlyons",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/weather.swlyons"
}
]
}
}

132
2017/16xxx/CVE-2017-16121.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16121", "ID": "CVE-2017-16121",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "datachannel-client node module", "product_name": "datachannel-client node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/datachannel-client", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/datachannel-client" "lang": "eng",
}, "value": "datachannel-client is a signaling implementation for DataChannel.js. datachannel-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
{ }
"name" : "https://nodesecurity.io/advisories/391", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/391" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/391",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/391"
},
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/datachannel-client",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/datachannel-client"
}
]
}
}

132
2017/16xxx/CVE-2017-16201.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16201", "ID": "CVE-2017-16201",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "zjjserver node module", "product_name": "zjjserver node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/zjjserver", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/zjjserver" "lang": "eng",
}, "value": "zjjserver is a static file server. zjjserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
{ }
"name" : "https://nodesecurity.io/advisories/427", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/427" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/zjjserver",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/zjjserver"
},
{
"name": "https://nodesecurity.io/advisories/427",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/427"
}
]
}
}

130
2017/16xxx/CVE-2017-16815.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16815", "ID": "CVE-2017-16815",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values \"url_new\" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and \"logging\" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values \"url_new\" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and \"logging\" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly."
{ }
"name" : "https://snapcreek.com/duplicator/docs/changelog", ]
"refsource" : "MISC", },
"url" : "https://snapcreek.com/duplicator/docs/changelog" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/144914/WordPress-Duplicator-Migration-1.2.28-Cross-Site-Scripting.html"
},
{
"name": "https://snapcreek.com/duplicator/docs/changelog",
"refsource": "MISC",
"url": "https://snapcreek.com/duplicator/docs/changelog"
}
]
}
}

120
2017/16xxx/CVE-2017-16922.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16922", "ID": "CVE-2017-16922",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/WowzaMediaSystems/public_cve/blob/master/wowza-streaming-engine/CVE-2017-16922.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/WowzaMediaSystems/public_cve/blob/master/wowza-streaming-engine/CVE-2017-16922.txt" "lang": "eng",
} "value": "In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Streaming Engine before 4.7.1, traversal of the directory structure and retrieval of a file are possible via a remote, specifically crafted HTTP request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/WowzaMediaSystems/public_cve/blob/master/wowza-streaming-engine/CVE-2017-16922.txt",
"refsource": "CONFIRM",
"url": "https://github.com/WowzaMediaSystems/public_cve/blob/master/wowza-streaming-engine/CVE-2017-16922.txt"
}
]
}
}

34
2017/4xxx/CVE-2017-4202.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4202", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4202",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4257.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4257", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4257",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2018/18xxx/CVE-2018-18239.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18239", "ID": "CVE-2018-18239",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

122
2018/5xxx/CVE-2018-5412.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2018-5412", "ID": "CVE-2018-5412",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SecureSphere", "product_name": "SecureSphere",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "=", "affected": "=",
"version_value" : "12.0.0.50" "version_value": "12.0.0.50"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Imperva" "vendor_name": "Imperva"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45132", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45132" "lang": "eng",
} "value": "Imperva SecureSphere running v12.0.0.50 is vulnerable to local arbitrary code execution, escaping sealed-mode."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45132",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45132"
}
]
}
}

266
2018/5xxx/CVE-2018-5553.json
View File

@ -1,135 +1,135 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"AKA" : "", "AKA": "",
"ASSIGNER" : "cve@rapid7.com", "ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC" : "2018-06-12T10:00:00.000Z", "DATE_PUBLIC": "2018-06-12T10:00:00.000Z",
"ID" : "CVE-2018-5553", "ID": "CVE-2018-5553",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Crestron DGE-100 Console Command Injection (FIXED)" "TITLE": "Crestron DGE-100 Console Command Injection (FIXED)"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DGE-100", "product_name": "DGE-100",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"platform" : "", "platform": "",
"version_name" : "", "version_name": "",
"version_value" : "1.3384.00049.001" "version_value": "1.3384.00049.001"
} }
] ]
} }
}, },
{ {
"product_name" : "TS-1542-C", "product_name": "TS-1542-C",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"platform" : "", "platform": "",
"version_name" : "", "version_name": "",
"version_value" : "1.3384.00049.001" "version_value": "1.3384.00049.001"
} }
] ]
} }
}, },
{ {
"product_name" : "DM-DGE-200-C", "product_name": "DM-DGE-200-C",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"platform" : "", "platform": "",
"version_name" : "", "version_name": "",
"version_value" : "1.3384.00049.001" "version_value": "1.3384.00049.001"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Crestron" "vendor_name": "Crestron"
} }
]
}
},
"configuration" : [],
"credit" : [
{
"lang" : "eng",
"value" : "This issue was discovered by Rapid7 researchers Cale Black and Jordan Larose. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access."
}
]
},
"exploit" : [],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9.8,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : " CWE-78 (Improper Neutralization of Special Elements used in an OS Command)"
}
] ]
} }
] },
}, "configuration": [],
"references" : { "credit": [
"reference_data" : [ {
{ "lang": "eng",
"name" : "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/", "value": "This issue was discovered by Rapid7 researchers Cale Black and Jordan Larose. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
"refsource" : "MISC", }
"url" : "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/" ],
}, "data_format": "MITRE",
{ "data_type": "CVE",
"name" : "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553", "data_version": "4.0",
"refsource" : "CONFIRM", "description": {
"url" : "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553" "description_data": [
} {
] "lang": "eng",
}, "value": "The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access."
"solution" : [ }
{ ]
"lang" : "eng", },
"value" : "Users should update affected devices to the latest firmware version (1.3384.00059.001 or higher) available from Crestron's product pages." "exploit": [],
} "impact": {
], "cvss": {
"source" : { "attackComplexity": "LOW",
"advisory" : "R7-2018-15", "attackVector": "NETWORK",
"defect" : [], "availabilityImpact": "HIGH",
"discovery" : "EXTERNAL" "baseScore": 9.8,
}, "baseSeverity": "CRITICAL",
"work_around" : [] "confidentialityImpact": "HIGH",
} "integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": " CWE-78 (Improper Neutralization of Special Elements used in an OS Command)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553",
"refsource": "CONFIRM",
"url": "https://support.crestron.com/app/answers/answer_view/a_id/5471/~/the-latest-details-from-crestron-on-security-and-safety-on-the-internet#CVE%C2%AD-2018%C2%AD-5553"
},
{
"name": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2018/06/12/r7-2018-15-cve-2018-5553-crestron-dge-100-console-command-injection-fixed/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Users should update affected devices to the latest firmware version (1.3384.00059.001 or higher) available from Crestron's product pages."
}
],
"source": {
"advisory": "R7-2018-15",
"defect": [],
"discovery": "EXTERNAL"
},
"work_around": []
}

160
2018/5xxx/CVE-2018-5807.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2018-5807", "ID": "CVE-2018-5807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "LibRaw", "product_name": "LibRaw",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Prior to 0.18.9" "version_value": "Prior to 0.18.9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An error within the \"samsung_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS (Denial of Service) through out-of-bounds read memory access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" "lang": "eng",
}, "value": "An error within the \"samsung_load_raw()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash."
{ }
"name" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9", ]
"refsource" : "MISC", },
"url" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/", "description": [
"refsource" : "MISC", {
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/" "lang": "eng",
}, "value": "DoS (Denial of Service) through out-of-bounds read memory access"
{ }
"name" : "USN-3838-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3838-1/" ]
}, },
{ "references": {
"name" : "81800", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "https://secuniaresearch.flexerasoftware.com/advisories/81800/" "name": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt",
} "refsource": "MISC",
] "url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
} },
} {
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-10/"
},
{
"name": "81800",
"refsource": "SECUNIA",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/81800/"
},
{
"name": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9",
"refsource": "MISC",
"url": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"name": "USN-3838-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3838-1/"
}
]
}
}

120
2018/5xxx/CVE-2018-5993.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5993", "ID": "CVE-2018-5993",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44106", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://exploit-db.com/exploits/44106" "lang": "eng",
} "value": "SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44106",
"refsource": "EXPLOIT-DB",
"url": "https://exploit-db.com/exploits/44106"
}
]
}
}