"-Synchronized-Data."

CVE Team 2019-03-17 22:31:14 +00:00
parent 92be197684
commit 1413bc8077
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3600 additions and 3600 deletions


@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0013",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0013",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available."
"lang": "eng",
"value": "Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html",
"refsource" : "MISC",
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html"
"name": "RHSA-2001:163",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-163.html"
},
{
"name" : "CA-2002-03",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2002-03.html"
"name": "57404",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1"
},
{
"name" : "20020212 PROTOS Remote SNMP Attack Tool",
"refsource" : "ISS",
"url" : "http://www.iss.net/security_center/alerts/advise110.php"
"name": "MS02-006",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006"
},
{
"name" : "VU#854306",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/854306"
"name": "oval:org.mitre.oval:def:87",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A87"
},
{
"name" : "RHSA-2001:163",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-163.html"
"name": "20020201-01-A",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A"
},
{
"name" : "20020201-01-A",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A"
"name": "CA-2002-03",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-03.html"
},
{
"name" : "MS02-006",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-006"
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html"
},
{
"name" : "57404",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1"
"name": "oval:org.mitre.oval:def:298",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A298"
},
{
"name" : "oval:org.mitre.oval:def:87",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A87"
"name": "VU#854306",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/854306"
},
{
"name" : "oval:org.mitre.oval:def:298",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A298"
"name": "20020212 PROTOS Remote SNMP Attack Tool",
"refsource": "ISS",
"url": "http://www.iss.net/security_center/alerts/advise110.php"
}
]
}


@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0142",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0142",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters."
"lang": "eng",
"value": "CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020114 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/250126"
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753"
},
{
"name" : "20020121 Re: Pi3Web Webserver v2.0 Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101164598828093&w=2"
"name": "20020114 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/250126"
},
{
"name" : "20020113 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=101102275316307&w=2"
"name": "pi3web-long-parameter-bo(7880)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7880.php"
},
{
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=505583&group_id=17753&atid=317753"
"name": "20020121 Re: Pi3Web Webserver v2.0 Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101164598828093&w=2"
},
{
"name" : "3866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3866"
"name": "20020113 Pi3Web Webserver v2.0 Buffer Overflow Vulnerability",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=101102275316307&w=2"
},
{
"name" : "pi3web-long-parameter-bo(7880)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7880.php"
"name": "3866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3866"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0365",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0365",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0474",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0474",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag."
"lang": "eng",
"value": "Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020329 Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/264897"
"name": "zeroforum-img-css(8702)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8702.php"
},
{
"name" : "4394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4394"
"name": "4394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4394"
},
{
"name" : "zeroforum-img-css(8702)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8702.php"
"name": "20020329 Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/264897"
}
]
}


@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0964",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0964",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out."
"lang": "eng",
"value": "Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020620 Half-life fake players bug",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html"
"name": "halflife-mulitple-player-dos(9412)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9412.php"
},
{
"name" : "halflife-mulitple-player-dos(9412)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9412.php"
"name": "5076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5076"
},
{
"name" : "5076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5076"
"name": "20020620 Half-life fake players bug",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1114",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1114",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie."
"lang": "eng",
"value": "config_inc2.php in Mantis before 0.17.4 allows remote attackers to execute arbitrary code or read arbitrary files via the parameters (1) g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file, (4) g_meta_include_file, or (5) a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102978711618648&w=2"
"name": "20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102978711618648&w=2"
},
{
"name" : "DSA-153",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-153"
"name": "mantis-configinc-var-include(9900)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9900.php"
},
{
"name" : "mantis-configinc-var-include(9900)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9900.php"
"name": "DSA-153",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-153"
},
{
"name" : "5509",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5509"
"name": "5509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5509"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1228",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1228",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon."
"lang": "eng",
"value": "Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "47815",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-47815-1"
"name": "47815",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-47815-1"
},
{
"name" : "20021017 NFS Denial of Service advisory from Sun",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103487058823193&w=2"
"name": "solaris-nfs-lockd-dos(10394)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10394.php"
},
{
"name" : "VU#855635",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/855635"
"name": "20021017 NFS Denial of Service advisory from Sun",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103487058823193&w=2"
},
{
"name" : "5986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5986"
"name": "VU#855635",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/855635"
},
{
"name" : "solaris-nfs-lockd-dos(10394)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10394.php"
"name": "5986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5986"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1501",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1501",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078."
"lang": "eng",
"value": "The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020913 Scan against Enterasys SSR8000 crash the system",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html"
"name": "5703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5703"
},
{
"name" : "http://www.enterasys.com/support/techtips/tk0659-9.html",
"refsource" : "MISC",
"url" : "http://www.enterasys.com/support/techtips/tk0659-9.html"
"name": "20020913 Scan against Enterasys SSR8000 crash the system",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html"
},
{
"name" : "5703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5703"
"name": "http://www.enterasys.com/support/techtips/tk0659-9.html",
"refsource": "MISC",
"url": "http://www.enterasys.com/support/techtips/tk0659-9.html"
},
{
"name" : "smartswitch-portscan-dos(10096)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10096.php"
"name": "smartswitch-portscan-dos(10096)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10096.php"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1570",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1570",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array."
"lang": "eng",
"value": "Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020103 Heap overflow in snmpnetstat",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/248141"
"name": "20020103 Heap overflow in snmpnetstat",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/248141"
},
{
"name" : "CLA-2003:696",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000696"
"name": "CLA-2003:696",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000696"
},
{
"name" : "3780",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3780"
"name": "netsnmp-snmpnetstat-heap-overflow(7776)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7776"
},
{
"name" : "netsnmp-snmpnetstat-heap-overflow(7776)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7776"
"name": "3780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3780"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1841",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1841",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4."
"lang": "eng",
"value": "The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020702 Noguska Nola 1.1.1 [ Intranet Business Management Software ]",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/280340"
"name": "20020625 Noguska Nola 1.1.1 [ Intranet Business Management Software ]",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=102511114021370&w=2"
},
{
"name" : "20020625 Noguska Nola 1.1.1 [ Intranet Business Management Software ]",
"refsource" : "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=102511114021370&w=2"
"name": "20020702 Re: Noguska Nola 1.1.1 [ Intranet Business Management Software ]",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=102520790718208&w=2"
},
{
"name" : "20020702 Re: Noguska Nola 1.1.1 [ Intranet Business Management Software ]",
"refsource" : "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=102520790718208&w=2"
"name": "20020702 Noguska Nola 1.1.1 [ Intranet Business Management Software ]",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/280340"
},
{
"name" : "5116",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5116"
"name": "nola-php-script-upload(9438)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9438.php"
},
{
"name" : "nola-php-script-upload(9438)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9438.php"
"name": "5116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5116"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2336",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2336",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets."
"lang": "eng",
"value": "Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20021008 Multiple Vendor PC firewall remote denial of services Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/294411"
"name": "20021008 Re: Multiple Vendor PC firewall remote denial of services Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0156.html"
},
{
"name" : "20021008 Re: Multiple Vendor PC firewall remote denial of services Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0156.html"
"name": "20021008 Multiple Vendor PC firewall remote denial of services Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/294411"
},
{
"name" : "5917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5917"
"name": "5917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5917"
},
{
"name" : "firewall-autoblock-spoofing-dos(10314)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10314.php"
"name": "firewall-autoblock-spoofing-dos(10314)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10314.php"
}
]
}


@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2363",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2363",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges."
"lang": "eng",
"value": "VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBUX0208-214",
"refsource" : "HP",
"url" : "http://archives.neohapsis.com/archives/hp/2002-q3/0064.html"
"name": "5583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5583"
},
{
"name" : "5583",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5583"
"name": "hp-vje-gain-privileges(9993)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9993.php"
},
{
"name" : "hp-vje-gain-privileges(9993)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9993.php"
"name": "HPSBUX0208-214",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2002-q3/0064.html"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0136",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0136",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file."
"lang": "eng",
"value": "psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366"
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366"
},
{
"name" : "DSA-285",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-285"
"name": "RHSA-2003:142",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-142.html"
},
{
"name" : "RHSA-2003:142",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-142.html"
"name": "DSA-285",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-285"
},
{
"name" : "oval:org.mitre.oval:def:423",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A423"
"name": "oval:org.mitre.oval:def:423",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A423"
}
]
}
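Review bot: The `reference_data` entries come out in a different order although none of them changes (here `DSA-285` and `RHSA-2003:142` swap places), and the CVE-2002-2363, CVE-2003-0408, CVE-2012-0452, CVE-2012-4016, CVE-2012-4019 and CVE-2012-4359 sections show the same churn. Array order carries no meaning for these records, so emitting the array in a stable order (for example sorted by `refsource`, then `name`) would keep a sync diff down to real additions and removals. As it stands, a reference that was dropped or had its URL altered would be hard to spot among the moved entries.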


@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0408",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0408",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument."
"lang": "eng",
"value": "Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030527 NuxAcid#002 - Buffer Overflow in UpClient",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105405629622652&w=2"
"name": "upclient-command-line-bo(12131)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/12131.php"
},
{
"name" : "upclient-command-line-bo(12131)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/12131.php"
"name": "7703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7703"
},
{
"name" : "7703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7703"
"name": "20030527 NuxAcid#002 - Buffer Overflow in UpClient",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105405629622652&w=2"
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0491",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0491",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file."
"lang": "eng",
"value": "The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030614 Directory traversal vulnerability on Xoops/E-xoops CMS module \"tutorials\"",
"refsource" : "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=105577873506147&w=2"
"name": "20030614 Directory traversal vulnerability on Xoops/E-xoops CMS module \"tutorials\"",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=105577873506147&w=2"
},
{
"name" : "20030616 Directory traversal vulnerability on Xoops/E-xoops CMS module \"tutorials\"",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=vuln-dev&m=105577873506147&w=2"
"name": "20030616 Directory traversal vulnerability on Xoops/E-xoops CMS module \"tutorials\"",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=vuln-dev&m=105577873506147&w=2"
}
]
}
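Review bot: The `BUGTRAQ` entry dated 20030616 carries the same `url` as the `VULN-DEV` entry above it, `http://marc.info/?l=vuln-dev&m=105577873506147&w=2`, so it links to the vuln-dev archive rather than to a Bugtraq post; the sync leaves this unchanged. If a separate Bugtraq message exists, the entry should point to it, along the lines of `"url": "http://marc.info/?l=bugtraq&m=<BUGTRAQ_MESSAGE_ID>&w=2"` (placeholder, the real message id is not on this page); otherwise the duplicate could be dropped. Both reference titles also speak of directory traversal while the description reports an upload of a PHP file that bypasses the image MIME check, which is worth checking against the original posts.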


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5055",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5055",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2."
"lang": "eng",
"value": "Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugs.otrs.org/show_bug.cgi?id=4105",
"refsource" : "CONFIRM",
"url" : "http://bugs.otrs.org/show_bug.cgi?id=4105"
"name": "http://bugs.otrs.org/show_bug.cgi?id=4105",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=4105"
},
{
"name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource" : "CONFIRM",
"url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0408",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-0408",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
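Review bot: This record is written with a different key order from the other records visible in the commit: `data_type`, `data_format` and `data_version` precede `CVE_data_meta`, and `ID` comes before `ASSIGNER` inside it, whereas for example the CVE-2012-1359 record keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` in sorted order. Key order has no meaning in JSON, but the difference suggests this file went through a different serializer, and it is likely to produce another full-file diff the next time the record is normalised. Writing it with the same sorted-key output as the others would avoid that.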


@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0452",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0452",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding."
"lang": "eng",
"value": "Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-10.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-10.html"
"name": "48110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48110"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=724284",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=724284"
"name": "SUSE-SU-2012:0261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00013.html"
},
{
"name" : "MDVSA-2012:017",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:017"
"name": "MDVSA-2012:017",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:017"
},
{
"name" : "MDVSA-2012:018",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:018"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=724284",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=724284"
},
{
"name" : "SUSE-SU-2012:0261",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00013.html"
"name": "MDVSA-2012:018",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:018"
},
{
"name" : "openSUSE-SU-2012:0258",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00012.html"
"name": "49055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49055"
},
{
"name" : "USN-1360-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1360-1"
"name": "openSUSE-SU-2012:0258",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00012.html"
},
{
"name" : "51975",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51975"
"name": "USN-1360-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1360-1"
},
{
"name" : "oval:org.mitre.oval:def:15017",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15017"
"name": "oval:org.mitre.oval:def:15017",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15017"
},
{
"name" : "49055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49055"
"name": "51975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51975"
},
{
"name" : "48110",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48110"
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-10.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-10.html"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1359",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1359",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1388",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1388",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) application 0.6.2 beta for Android has unknown impact and attack vectors."
"lang": "eng",
"value": "Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) application 0.6.2 beta for Android has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1388-vulnerability-in-XiXunTianTian.html",
"refsource" : "MISC",
"url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1388-vulnerability-in-XiXunTianTian.html"
"name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1388-vulnerability-in-XiXunTianTian.html",
"refsource": "MISC",
"url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1388-vulnerability-in-XiXunTianTian.html"
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3218",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3218",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security Groups."
"lang": "eng",
"value": "Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security Groups."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
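Review bot: The switch of `ASSIGNER` from `cve@mitre.org` to `secalert_us@oracle.com` is the only change of content in this section, and it sits among dozens of whitespace-only line changes; the CVE-2012-4016, CVE-2012-4019, CVE-2012-4114 and CVE-2012-4475 sections change `ASSIGNER` the same way. Consumers that filter or attribute records by assigner will see these entries move, so the attribution change would be easier to audit in a commit separate from the `" : "` to `": "` reformatting. `vendor_name` and `product_name` remain `n/a` even though the description names Oracle E-Business Suite, so tooling that matches on the `affects` block still cannot find this record by product.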


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3850",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3850",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4016",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-4016",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application."
"lang": "eng",
"value": "The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "JVN#93344001",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN93344001/index.html"
"name": "55728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55728"
},
{
"name" : "JVNDB-2012-000089",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000089"
"name": "JVN#93344001",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN93344001/index.html"
},
{
"name" : "55728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55728"
"name": "85808",
"refsource": "OSVDB",
"url": "http://osvdb.org/85808"
},
{
"name" : "85808",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85808"
"name": "JVNDB-2012-000089",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000089"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4019",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-4019",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error page."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on Girls Interface (CGI) Tokyo BBS allows remote attackers to inject arbitrary web script or HTML via vectors related to the error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://jvn.jp/en/jp/JVN00322303/995209/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN00322303/995209/index.html"
"name": "JVN#00322303",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN00322303/index.html"
},
{
"name" : "JVN#00322303",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN00322303/index.html"
"name": "JVNDB-2012-000093",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000093"
},
{
"name" : "JVNDB-2012-000093",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000093"
"name": "86722",
"refsource": "OSVDB",
"url": "http://osvdb.org/86722"
},
{
"name" : "86722",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86722"
"name": "tokyobbs-tokyobbs-xss(79633)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79633"
},
{
"name" : "tokyobbs-tokyobbs-xss(79633)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79633"
"name": "http://jvn.jp/en/jp/JVN00322303/995209/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN00322303/995209/index.html"
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4114",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-4114",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949."
"lang": "eng",
"value": "The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20131017 Cisco Unified Computing System Fabric Interconnect Command Injection Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4114"
"name": "20131017 Cisco Unified Computing System Fabric Interconnect Command Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4114"
}
]
}
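Review bot: The single reference's `name`, "20131017 Cisco Unified Computing System Fabric Interconnect Command Injection Vulnerability", does not match the description, which reports unencrypted KVM video traffic exposed to man-in-the-middle viewing and modification. The title may have been copied from a neighbouring Cisco notice, though that cannot be confirmed from this page. The `name` should be checked against the notice behind the `url` and, if it differs, replaced with that notice's title, e.g. `"name": "20131017 <TITLE_OF_LINKED_NOTICE>"` (placeholder).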


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4359",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4359",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358."
"lang": "eng",
"value": "Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://aluigi.org/adv/winlog_2-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.org/adv/winlog_2-adv.txt"
"name": "http://aluigi.org/adv/winlog_2-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/winlog_2-adv.txt"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf"
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf"
},
{
"name" : "http://www.sielcosistemi.com/en/news/index.html?id=70",
"refsource" : "CONFIRM",
"url" : "http://www.sielcosistemi.com/en/news/index.html?id=70"
"name": "49395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49395"
},
{
"name" : "49395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49395"
"name": "http://www.sielcosistemi.com/en/news/index.html?id=70",
"refsource": "CONFIRM",
"url": "http://www.sielcosistemi.com/en/news/index.html?id=70"
}
]
}


@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4475",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4475",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors."
"lang": "eng",
"value": "The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/04/3"
"name": "http://drupal.org/node/1648204",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1648204"
},
{
"name" : "http://drupal.org/node/1679532",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1679532"
"name": "http://drupal.org/node/1679532",
"refsource": "MISC",
"url": "http://drupal.org/node/1679532"
},
{
"name" : "http://drupal.org/node/1648200",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1648200"
"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"name" : "http://drupal.org/node/1648204",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1648204"
"name": "http://drupal.org/node/1648200",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1648200"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4631",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4631",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2042",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2042",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"ID" : "CVE-2017-2304",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2304",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices",
"version" : {
"version_data" : [
"product_name": "Junos OS running on QFX3500, QFX3600, QFX5100, QFX5200, EX4300, EX4600 devices",
"version": {
"version_data": [
{
"version_value" : "14.1X53 prior to 14.1X53-D40"
"version_value": "14.1X53 prior to 14.1X53-D40"
},
{
"version_value" : "15.1X53 prior to 15.1X53-D40"
"version_value": "15.1X53 prior to 15.1X53-D40"
},
{
"version_value" : "15.1 prior to 15.1R2"
"version_value": "15.1 prior to 15.1R2"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
"vendor_name": "Juniper Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'"
"lang": "eng",
"value": "Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is also known as 'Etherleak'"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "information leak"
"lang": "eng",
"value": "information leak"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://kb.juniper.net/JSA10773",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10773"
"name": "1037593",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037593"
},
{
"name" : "95403",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95403"
"name": "95403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95403"
},
{
"name" : "1037593",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037593"
"name": "https://kb.juniper.net/JSA10773",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10773"
}
]
}


@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2466",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2466",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "41812",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41812/"
"name": "1038137",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038137"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1097",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1097"
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1097",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1097"
},
{
"name" : "https://twitter.com/ifsecure/status/849292853792657413",
"refsource" : "MISC",
"url" : "https://twitter.com/ifsecure/status/849292853792657413"
"name": "https://support.apple.com/HT207601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207601"
},
{
"name" : "https://support.apple.com/HT207600",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207600"
"name": "97130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97130"
},
{
"name" : "https://support.apple.com/HT207601",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207601"
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
"name": "https://twitter.com/ifsecure/status/849292853792657413",
"refsource": "MISC",
"url": "https://twitter.com/ifsecure/status/849292853792657413"
},
{
"name" : "GLSA-201706-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-15"
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name" : "97130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97130"
"name": "41812",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41812/"
},
{
"name" : "1038137",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038137"
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2560",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2560",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-2620",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2620",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Qemu:",
"version" : {
"version_data" : [
"product_name": "Qemu:",
"version": {
"version_data": [
{
"version_value" : "2.8"
"version_value": "2.8"
}
]
}
}
]
},
"vendor_name" : "QEMU"
"vendor_name": "QEMU"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."
"lang": "eng",
"value": "Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process."
}
]
},
"impact" : {
"cvss" : [
"impact": {
"cvss": [
[
{
"vectorString" : "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version" : "3.0"
"vectorString": "5.5/CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
[
{
"vectorString" : "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version" : "2.0"
"vectorString": "4.9/AV:A/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-787"
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/21/1"
"name": "RHSA-2017:0329",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
},
{
"name" : "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
"name": "RHSA-2017:0334",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"name" : "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
"name": "1037870",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037870"
},
{
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"name": "RHSA-2017:0328",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
"name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"name" : "https://xenbits.xen.org/xsa/advisory-209.html",
"refsource" : "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-209.html"
"name": "RHSA-2017:0333",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
},
{
"name" : "https://support.citrix.com/article/CTX220771",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX220771"
"name": "RHSA-2017:0351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
},
{
"name" : "GLSA-201703-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201703-07"
"name": "RHSA-2017:0454",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
},
{
"name" : "GLSA-201704-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201704-01"
"name": "https://xenbits.xen.org/xsa/advisory-209.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-209.html"
},
{
"name" : "RHSA-2017:0328",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
"name": "RHSA-2017:0331",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
},
{
"name" : "RHSA-2017:0329",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620"
},
{
"name" : "RHSA-2017:0330",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
"name": "[oss-security] 20170221 CVE-2017-2620 Qemu: display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/1"
},
{
"name" : "RHSA-2017:0331",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
"name": "RHSA-2017:0350",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"name" : "RHSA-2017:0332",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
"name": "[debian-lts-announce] 20180206 [SECURITY] [DLA 1270-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html"
},
{
"name" : "RHSA-2017:0333",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
"name": "RHSA-2017:0396",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
},
{
"name" : "RHSA-2017:0334",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
"name": "GLSA-201704-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-01"
},
{
"name" : "RHSA-2017:0350",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
"name": "[qemu-devel] 20170221 [PATCH] cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html"
},
{
"name" : "RHSA-2017:0351",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0351.html"
"name": "RHSA-2017:0352",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
},
{
"name" : "RHSA-2017:0352",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0352.html"
"name": "RHSA-2017:0330",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
},
{
"name" : "RHSA-2017:0396",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
"name": "RHSA-2017:0332",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
},
{
"name" : "RHSA-2017:0454",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
"name": "96378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96378"
},
{
"name" : "96378",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96378"
"name": "https://support.citrix.com/article/CTX220771",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX220771"
},
{
"name" : "1037870",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037870"
"name": "GLSA-201703-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201703-07"
}
]
}
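Review bot: Both `vectorString` values under `impact.cvss` carry the numeric score in front of the vector (`5.5/CVSS:3.0/AV:A/...` and `4.9/AV:A/AC:M/...`), so neither is a well-formed CVSS vector string, and a consumer that parses this field for severity triage would presumably have to strip the prefix or fail. The vector should stand alone, e.g. `"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"`, with the score kept in its own numeric field. Separately, `version_value` is `2.8` while the description says "before 2.8", so matching on the structured field would point at the wrong release; `"version_value": "before 2.8"` would agree with the text.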


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-2984",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-2984",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Flash Player 24.0.0.194 and earlier.",
"version" : {
"version_data" : [
"product_name": "Adobe Flash Player 24.0.0.194 and earlier.",
"version": {
"version_data": [
{
"version_value" : "Adobe Flash Player 24.0.0.194 and earlier."
"version_value": "Adobe Flash Player 24.0.0.194 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution."
"lang": "eng",
"value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Heap Overflow"
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html"
"name": "GLSA-201702-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-20"
},
{
"name" : "GLSA-201702-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-20"
"name": "RHSA-2017:0275",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html"
},
{
"name" : "RHSA-2017:0275",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0275.html"
"name": "96193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96193"
},
{
"name" : "96193",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96193"
"name": "1037815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037815"
},
{
"name" : "1037815",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037815"
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html"
}
]
}
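Review bot: The `affects` block stores the free-text phrase `Adobe Flash Player 24.0.0.194 and earlier.` as both `product_name` and `version_value` and leaves `vendor_name` as `n/a`, so inventory or scanner matching on vendor, product and version cannot key on this record even though the description names the vendor and the version bound. Something like `"vendor_name": "Adobe"`, `"product_name": "Flash Player"`, `"version_value": "24.0.0.194 and earlier"` would make the structured data usable for exposure checks. The CVE-2017-2986 section that follows has the same shape.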


@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-2986",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-2986",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Flash Player 24.0.0.194 and earlier.",
"version" : {
"version_data" : [
"product_name": "Adobe Flash Player 24.0.0.194 and earlier.",
"version": {
"version_data": [
{
"version_value" : "Adobe Flash Player 24.0.0.194 and earlier."
"version_value": "Adobe Flash Player 24.0.0.194 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution."
"lang": "eng",
"value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Heap Overflow"
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "41423",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41423/"
"name": "GLSA-201702-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-20"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html"
"name": "RHSA-2017:0275",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html"
},
{
"name" : "GLSA-201702-20",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201702-20"
"name": "96193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96193"
},
{
"name" : "RHSA-2017:0275",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0275.html"
"name": "1037815",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037815"
},
{
"name" : "96193",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96193"
"name": "41423",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41423/"
},
{
"name" : "1037815",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037815"
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6316",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6316",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID."
"lang": "eng",
"value": "Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42345",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42345/"
"name": "1039019",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039019"
},
{
"name" : "42346",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42346/"
"name": "https://support.citrix.com/article/CTX225990",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX225990"
},
{
"name" : "https://support.citrix.com/article/CTX225990",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX225990"
"name": "42345",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42345/"
},
{
"name" : "99943",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99943"
"name": "99943",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99943"
},
{
"name" : "1039019",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039019"
"name": "42346",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42346/"
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6844",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6844",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file."
"lang": "eng",
"value": "Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/"
"name": "https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/"
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7302",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7302",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash."
"lang": "eng",
"value": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a swap_std_reloc_out function in bfd/aoutx.h that is vulnerable to an invalid read (of size 4) because of missing checks for relocs that could not be recognised. This vulnerability causes Binutils utilities like strip to crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20921",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20921"
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20921",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20921"
},
{
"name" : "97216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97216"
"name": "97216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97216"
}
]
}


@ -1,103 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-08-10T00:00:00",
"ID" : "CVE-2017-7548",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-08-10T00:00:00",
"ID": "CVE-2017-7548",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "postgresql",
"version" : {
"version_data" : [
"product_name": "postgresql",
"version": {
"version_data": [
{
"version_value" : "9.4.x before 9.4.13"
"version_value": "9.4.x before 9.4.13"
},
{
"version_value" : "9.5.x before 9.5.8"
"version_value": "9.5.x before 9.5.8"
},
{
"version_value" : "9.6.x before 9.6.4"
"version_value": "9.6.x before 9.6.4"
}
]
}
}
]
},
"vendor_name" : "PostgreSQL"
"vendor_name": "PostgreSQL"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service."
"lang": "eng",
"value": "PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers with no privileges on a large object to overwrite the entire contents of the object, resulting in a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-862"
"lang": "eng",
"value": "CWE-862"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.postgresql.org/about/news/1772/",
"refsource" : "CONFIRM",
"url" : "https://www.postgresql.org/about/news/1772/"
"name": "DSA-3936",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3936"
},
{
"name" : "DSA-3936",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3936"
"name": "RHSA-2017:2678",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2678"
},
{
"name" : "DSA-3935",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3935"
"name": "DSA-3935",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3935"
},
{
"name" : "GLSA-201710-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-06"
"name": "1039142",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039142"
},
{
"name" : "RHSA-2017:2677",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2677"
"name": "https://www.postgresql.org/about/news/1772/",
"refsource": "CONFIRM",
"url": "https://www.postgresql.org/about/news/1772/"
},
{
"name" : "RHSA-2017:2678",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2678"
"name": "100276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100276"
},
{
"name" : "100276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100276"
"name": "GLSA-201710-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-06"
},
{
"name" : "1039142",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039142"
"name": "RHSA-2017:2677",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2677"
}
]
}


@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10087",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10087",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value."
"lang": "eng",
"value": "The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
"name": "USN-3696-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3696-1/"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4"
"name": "https://news.ycombinator.com/item?id=2972021",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=2972021"
},
{
"name" : "https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4"
"name": "USN-3754-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3754-1/"
},
{
"name" : "https://news.ycombinator.com/item?id=2972021",
"refsource" : "MISC",
"url" : "https://news.ycombinator.com/item?id=2972021"
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name" : "USN-3696-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3696-1/"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4"
},
{
"name" : "USN-3696-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3696-2/"
"name": "https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4"
},
{
"name" : "USN-3754-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3754-1/"
"name": "USN-3696-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3696-2/"
},
{
"name" : "103774",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103774"
"name": "103774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103774"
}
]
}


@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10733",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10733",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack."
"lang": "eng",
"value": "There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1574844",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1574844"
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name" : "RHSA-2018:3140",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3140"
"name": "RHSA-2018:3140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3140"
},
{
"name" : "RHSA-2018:3505",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3505"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1574844",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574844"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-10856",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10856",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "podman",
"version" : {
"version_data" : [
"product_name": "podman",
"version": {
"version_data": [
{
"version_value" : "podman 0.6.1"
"version_value": "podman 0.6.1"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container."
"lang": "eng",
"value": "It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container."
}
]
},
"impact" : {
"cvss" : [
"impact": {
"cvss": [
[
{
"vectorString" : "5.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version" : "3.0"
"vectorString": "5.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-250"
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856"
},
{
"name" : "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24",
"refsource" : "CONFIRM",
"url" : "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24"
"name": "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24",
"refsource": "CONFIRM",
"url": "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24"
},
{
"name" : "RHSA-2018:2037",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2037"
"name": "RHSA-2018:2037",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2037"
}
]
}
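Review bot: The `vectorString` under `impact.cvss` in the CVE-2018-10856 record is not a well-formed CVSS v3.0 vector: it begins with `5.3/`, which looks like the base score, so a consumer that expects the `CVSS:3.0/` prefix will either reject the value or lose the score; this commit re-spaces the line but keeps the value as it was. I would store `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"` and carry the score in a separate numeric field. Separately, `"version_value": "podman 0.6.1"` names the release that the description gives as the fix boundary ("before version 0.6.1"), so automated version matching on this field may flag the fixed release and miss the affected ones; that is worth confirming with the assigner.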


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14459",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14459",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h."
"lang": "eng",
"value": "An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md",
"refsource" : "MISC",
"url" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md"
"name": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md"
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14512",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14512",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the \"system settings - mail server\" screen, the XSS payload is triggered."
"lang": "eng",
"value": "An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the \"system settings - mail server\" screen, the XSS payload is triggered."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/wuzhicms/wuzhicms/issues/143",
"refsource" : "MISC",
"url" : "https://github.com/wuzhicms/wuzhicms/issues/143"
"name": "https://github.com/wuzhicms/wuzhicms/issues/143",
"refsource": "MISC",
"url": "https://github.com/wuzhicms/wuzhicms/issues/143"
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14889",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14889",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability."
"lang": "eng",
"value": "CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://vectra.ai/security-advisories",
"refsource" : "CONFIRM",
"url" : "https://vectra.ai/security-advisories"
"name": "https://vectra.ai/security-advisories",
"refsource": "CONFIRM",
"url": "https://vectra.ai/security-advisories"
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15493",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15493",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "vBulletin 5.4.3 has an Open Redirect."
"lang": "eng",
"value": "vBulletin 5.4.3 has an Open Redirect."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-017.txt",
"refsource" : "MISC",
"url" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-017.txt"
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-017.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-017.txt"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20169",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20169",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c."
"lang": "eng",
"value": "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf"
"name": "USN-3879-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3879-2/"
},
{
"name" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9",
"refsource" : "MISC",
"url" : "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf"
},
{
"name" : "https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf"
"name": "USN-3879-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3879-1/"
},
{
"name" : "USN-3879-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3879-1/"
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9"
},
{
"name" : "USN-3879-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3879-2/"
"name": "https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf"
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20595",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20595",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful."
"lang": "eng",
"value": "A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in the session after user authentication is successful."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2",
"refsource" : "MISC",
"url" : "https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2"
"name": "https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2",
"refsource": "MISC",
"url": "https://github.com/hs-web/hsweb-framework/commit/40929e9b0d336a26281a5ed2e0e721d54dd8d2f2"
},
{
"name" : "https://github.com/hs-web/hsweb-framework/issues/107",
"refsource" : "MISC",
"url" : "https://github.com/hs-web/hsweb-framework/issues/107"
"name": "https://github.com/hs-web/hsweb-framework/issues/107",
"refsource": "MISC",
"url": "https://github.com/hs-web/hsweb-framework/issues/107"
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20602",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20602",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI."
"lang": "eng",
"value": "Lei Feng TV CMS (aka LFCMS) 3.8.6 allows full path disclosure via the /install.php?s=/1 URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#information_disclosure",
"refsource" : "MISC",
"url" : "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#information_disclosure"
"name": "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#information_disclosure",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/CVEs/blob/master/lfdycms.md#information_disclosure"
}
]
}


@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20768",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20768",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file."
"lang": "eng",
"value": "An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf",
"refsource" : "CONFIRM",
"url" : "https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf"
"name": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf",
"refsource": "CONFIRM",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2018/07/cert_Security_Mini_Bulletin_XRX18Y_for_ConnectKey_EC78xx_v1.0.pdf"
}
]
}


@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9336",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9336",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation."
"lang": "eng",
"value": "openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x before 2.4.6 allows a local attacker to cause a double-free of memory by sending a malformed request to the interactive service. This could cause a denial-of-service through memory corruption or possibly have unspecified other impact including privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.tenable.com/security/research/tra-2018-09",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-09"
"name": "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6",
"refsource": "CONFIRM",
"url": "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6"
},
{
"name" : "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24",
"refsource" : "CONFIRM",
"url" : "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24"
"name": "SSA:2018-116-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761"
},
{
"name" : "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b",
"refsource" : "CONFIRM",
"url" : "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b"
"name": "https://www.tenable.com/security/research/tra-2018-09",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-09"
},
{
"name" : "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6",
"refsource" : "CONFIRM",
"url" : "https://github.com/OpenVPN/openvpn/releases/tag/v2.4.6"
"name": "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b",
"refsource": "CONFIRM",
"url": "https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b"
},
{
"name" : "SSA:2018-116-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.568761"
"name": "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24",
"refsource": "CONFIRM",
"url": "https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9776",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9776",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}


@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-9955",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-9955",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value" : "9.0.1.1049"
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
"vendor_name": "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5531."
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5531."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-339",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-339"
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
"name": "https://zerodayinitiative.com/advisories/ZDI-18-339",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-339"
}
]
}