admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:36:18 +00:00
parent cc169e221e
commit 18c3961f83
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4302 additions and 4302 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2002/0xxx/CVE-2002-0042.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0042", "ID": "CVE-2002-0042",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS." "value": "Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020402-01-P", "name": "4511",
"refsource" : "SGI", "refsource": "BID",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P" "url": "http://www.securityfocus.com/bid/4511"
}, },
{ {
"name" : "irix-xfs-dos(8839)", "name": "irix-xfs-dos(8839)",
"refsource" : "XF", "refsource": "XF",
"url" : "http://www.iss.net/security_center/static/8839.php" "url": "http://www.iss.net/security_center/static/8839.php"
}, },
{ {
"name" : "4511", "name": "20020402-01-P",
"refsource" : "BID", "refsource": "SGI",
"url" : "http://www.securityfocus.com/bid/4511" "url": "ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P"
} }
] ]
} }

74
2002/0xxx/CVE-2002-0439.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0439", "ID": "CVE-2002-0439",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field." "value": "Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020311 CaupoShop: cross-site-scripting bug", "name": "4270",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://www.securityfocus.com/archive/1/261218" "url": "http://www.securityfocus.com/bid/4270"
}, },
{ {
"name" : "cauposhop-user-info-css(8431)", "name": "20020311 CaupoShop: cross-site-scripting bug",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "http://www.iss.net/security_center/static/8431.php" "url": "http://www.securityfocus.com/archive/1/261218"
}, },
{ {
"name" : "4270", "name": "cauposhop-user-info-css(8431)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/4270" "url": "http://www.iss.net/security_center/static/8431.php"
} }
] ]
} }

80
2002/0xxx/CVE-2002-0831.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0831", "ID": "CVE-2002-0831",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end." "value": "The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "FreeBSD-SA-02:37.kqueue", "name": "freebsd-kqueue-dos(9774)",
"refsource" : "FREEBSD", "refsource": "XF",
"url" : "http://marc.info/?l=bugtraq&m=102865142610126&w=2" "url": "http://www.iss.net/security_center/static/9774.php"
}, },
{ {
"name" : "freebsd-kqueue-dos(9774)", "name": "FreeBSD-SA-02:37.kqueue",
"refsource" : "XF", "refsource": "FREEBSD",
"url" : "http://www.iss.net/security_center/static/9774.php" "url": "http://marc.info/?l=bugtraq&m=102865142610126&w=2"
}, },
{ {
"name" : "5405", "name": "5405",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/5405" "url": "http://www.securityfocus.com/bid/5405"
}, },
{ {
"name" : "5069", "name": "5069",
"refsource" : "OSVDB", "refsource": "OSVDB",
"url" : "http://www.osvdb.org/5069" "url": "http://www.osvdb.org/5069"
} }
] ]
} }

80
2002/0xxx/CVE-2002-0930.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0930", "ID": "CVE-2002-0930",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command." "value": "Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020625 cqure.net.20020521.netware_nwftpd_fmtstr", "name": "20020625 [VulnWatch] cqure.net.20020521.netware_nwftpd_fmtstr",
"refsource" : "BUGTRAQ", "refsource": "VULNWATCH",
"url" : "http://online.securityfocus.com/archive/1/278689" "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0127.html"
}, },
{ {
"name" : "20020625 [VulnWatch] cqure.net.20020521.netware_nwftpd_fmtstr", "name": "netware-ftp-username-dos(9429)",
"refsource" : "VULNWATCH", "refsource": "XF",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0127.html" "url": "http://www.iss.net/security_center/static/9429.php"
}, },
{ {
"name" : "5099", "name": "5099",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/5099" "url": "http://www.securityfocus.com/bid/5099"
}, },
{ {
"name" : "netware-ftp-username-dos(9429)", "name": "20020625 cqure.net.20020521.netware_nwftpd_fmtstr",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "http://www.iss.net/security_center/static/9429.php" "url": "http://online.securityfocus.com/archive/1/278689"
} }
] ]
} }

80
2002/1xxx/CVE-2002-1039.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1039", "ID": "CVE-2002-1039",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature." "value": "Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities", "name": "http://dcl.sourceforge.net/index.php",
"refsource" : "VULNWATCH", "refsource": "CONFIRM",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html" "url": "http://dcl.sourceforge.net/index.php"
}, },
{ {
"name" : "20020714 Double Choco Latte multiple vulnerabilities", "name": "20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities",
"refsource" : "BUGTRAQ", "refsource": "VULNWATCH",
"url" : "http://marc.info/?l=bugtraq&m=102668783632589&w=2" "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html"
}, },
{ {
"name" : "http://dcl.sourceforge.net/index.php", "name": "20020714 Double Choco Latte multiple vulnerabilities",
"refsource" : "CONFIRM", "refsource": "BUGTRAQ",
"url" : "http://dcl.sourceforge.net/index.php" "url": "http://marc.info/?l=bugtraq&m=102668783632589&w=2"
}, },
{ {
"name" : "dcl-dotdot-directory-traversal(9743)", "name": "dcl-dotdot-directory-traversal(9743)",
"refsource" : "XF", "refsource": "XF",
"url" : "http://www.iss.net/security_center/static/9743.php" "url": "http://www.iss.net/security_center/static/9743.php"
} }
] ]
} }

68
2002/1xxx/CVE-2002-1210.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1210", "ID": "CVE-2002-1210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context." "value": "Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20021119 iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability", "name": "http://www.idefense.com/advisory/11.19.02b.txt",
"refsource" : "VULNWATCH", "refsource": "MISC",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0079.html" "url": "http://www.idefense.com/advisory/11.19.02b.txt"
}, },
{ {
"name" : "http://www.idefense.com/advisory/11.19.02b.txt", "name": "20021119 iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability",
"refsource" : "MISC", "refsource": "VULNWATCH",
"url" : "http://www.idefense.com/advisory/11.19.02b.txt" "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0079.html"
} }
] ]
} }

110
2002/1xxx/CVE-2002-1336.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1336", "ID": "CVE-2002-1336",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users." "value": "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020724 VNC authentication weakness", "name": "vnc-weak-authentication(5992)",
"refsource" : "BUGTRAQ", "refsource": "XF",
"url" : "http://marc.info/?l=bugtraq&m=102753170201524&w=2" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992"
}, },
{ {
"name" : "20020726 RE: VNC authentication weakness", "name": "RHSA-2002:287",
"refsource" : "BUGTRAQ", "refsource": "REDHAT",
"url" : "http://marc.info/?l=bugtraq&m=102769183913594&w=2" "url": "http://www.redhat.com/support/errata/RHSA-2002-287.html"
}, },
{ {
"name" : "http://www.tightvnc.com/WhatsNew.txt", "name": "20020724 VNC authentication weakness",
"refsource" : "CONFIRM", "refsource": "BUGTRAQ",
"url" : "http://www.tightvnc.com/WhatsNew.txt" "url": "http://marc.info/?l=bugtraq&m=102753170201524&w=2"
}, },
{ {
"name" : "CLA-2003:640", "name": "RHSA-2003:041",
"refsource" : "CONECTIVA", "refsource": "REDHAT",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640" "url": "http://www.redhat.com/support/errata/RHSA-2003-041.html"
}, },
{ {
"name" : "MDKSA-2003:022", "name": "MDKSA-2003:022",
"refsource" : "MANDRAKE", "refsource": "MANDRAKE",
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022" "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022"
}, },
{ {
"name" : "RHSA-2002:287", "name": "CLA-2003:640",
"refsource" : "REDHAT", "refsource": "CONECTIVA",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-287.html" "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640"
}, },
{ {
"name" : "RHSA-2003:041", "name": "http://www.tightvnc.com/WhatsNew.txt",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-041.html" "url": "http://www.tightvnc.com/WhatsNew.txt"
}, },
{ {
"name" : "5296", "name": "20020726 RE: VNC authentication weakness",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/5296" "url": "http://marc.info/?l=bugtraq&m=102769183913594&w=2"
}, },
{ {
"name" : "vnc-weak-authentication(5992)", "name": "5296",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992" "url": "http://www.securityfocus.com/bid/5296"
} }
] ]
} }

74
2002/1xxx/CVE-2002-1415.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1415", "ID": "CVE-2002-1415",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests." "value": "Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020820 Advisory: DoS in WebEasyMail +more possible?", "name": "5518",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://online.securityfocus.com/archive/1/288222" "url": "http://www.securityfocus.com/bid/5518"
}, },
{ {
"name" : "5518", "name": "20020820 Advisory: DoS in WebEasyMail +more possible?",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/5518" "url": "http://online.securityfocus.com/archive/1/288222"
}, },
{ {
"name" : "webeasymail-smtp-service-dos(9924)", "name": "webeasymail-smtp-service-dos(9924)",
"refsource" : "XF", "refsource": "XF",
"url" : "http://www.iss.net/security_center/static/9924.php" "url": "http://www.iss.net/security_center/static/9924.php"
} }
] ]
} }

116
2002/1xxx/CVE-2002-1661.json
View File

@ -1,106 +1,106 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1661", "ID": "CVE-2002-1661",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group." "value": "The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20021229 Leafnode security announcement SA:2002:01", "name": "1005865",
"refsource" : "BUGTRAQ", "refsource": "SECTRACK",
"url" : "http://marc.info/?l=bugtraq&m=104127108823436&w=2" "url": "http://www.securitytracker.com/id?1005865"
}, },
{ {
"name" : "http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt", "name": "7801",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt" "url": "http://secunia.com/advisories/7801"
}, },
{ {
"name" : "20030102 GLSA: leafnode", "name": "7870",
"refsource" : "BUGTRAQ", "refsource": "SECUNIA",
"url" : "http://marc.info/?l=bugtraq&m=104152295210075&w=2" "url": "http://secunia.com/advisories/7870"
}, },
{ {
"name" : "MDKSA-2003:005", "name": "http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt",
"refsource" : "MANDRAKE", "refsource": "CONFIRM",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:005" "url": "http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt"
}, },
{ {
"name" : "6490", "name": "20021229 Leafnode security announcement SA:2002:01",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/6490" "url": "http://marc.info/?l=bugtraq&m=104127108823436&w=2"
}, },
{ {
"name" : "1005865", "name": "20030102 GLSA: leafnode",
"refsource" : "SECTRACK", "refsource": "BUGTRAQ",
"url" : "http://www.securitytracker.com/id?1005865" "url": "http://marc.info/?l=bugtraq&m=104152295210075&w=2"
}, },
{ {
"name" : "7799", "name": "leafnode-nntp-dos(10942)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/7799" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10942"
}, },
{ {
"name" : "7801", "name": "7799",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/7801" "url": "http://secunia.com/advisories/7799"
}, },
{ {
"name" : "7870", "name": "6490",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/7870" "url": "http://www.securityfocus.com/bid/6490"
}, },
{ {
"name" : "leafnode-nntp-dos(10942)", "name": "MDKSA-2003:005",
"refsource" : "XF", "refsource": "MANDRAKE",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10942" "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:005"
} }
] ]
} }

86
2003/0xxx/CVE-2003-0034.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0034", "ID": "CVE-2003-0034",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable." "value": "Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.idefense.com/advisory/01.21.03.txt", "name": "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package",
"refsource" : "MISC", "refsource": "VULNWATCH",
"url" : "http://www.idefense.com/advisory/01.21.03.txt" "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html"
}, },
{ {
"name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package", "name": "1005959",
"refsource" : "VULNWATCH", "refsource": "SECTRACK",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html" "url": "http://www.securitytracker.com/id?1005959"
}, },
{ {
"name" : "MDKSA-2003:010", "name": "MDKSA-2003:010",
"refsource" : "MANDRAKE", "refsource": "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010" "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010"
}, },
{ {
"name" : "6656", "name": "6656",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/6656" "url": "http://www.securityfocus.com/bid/6656"
}, },
{ {
"name" : "1005959", "name": "http://www.idefense.com/advisory/01.21.03.txt",
"refsource" : "SECTRACK", "refsource": "MISC",
"url" : "http://www.securitytracker.com/id?1005959" "url": "http://www.idefense.com/advisory/01.21.03.txt"
} }
] ]
} }

176
2003/0xxx/CVE-2003-0178.json
View File

@ -1,156 +1,156 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0178", "ID": "CVE-2003-0178",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation." "value": "Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", "name": "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104550063431461&w=2" "url": "http://marc.info/?l=bugtraq&m=104550063431463&w=2"
}, },
{ {
"name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", "name": "VU#772817",
"refsource" : "NTBUGTRAQ", "refsource": "CERT-VN",
"url" : "http://marc.info/?l=ntbugtraq&m=104558777531350&w=2" "url": "http://www.kb.cert.org/vuls/id/772817"
}, },
{ {
"name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", "name": "20030217 Domino Advisories UPDATE",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104550063431463&w=2" "url": "http://marc.info/?l=bugtraq&m=104550335103136&w=2"
}, },
{ {
"name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", "name": "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)",
"refsource" : "NTBUGTRAQ", "refsource": "VULNWATCH",
"url" : "http://marc.info/?l=ntbugtraq&m=104558777331345&w=2" "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0080.html"
}, },
{ {
"name" : "20030217 Domino Advisories UPDATE", "name": "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104550335103136&w=2" "url": "http://marc.info/?l=bugtraq&m=104550063431461&w=2"
}, },
{ {
"name" : "20030217 Domino Advisories UPDATE", "name": "VU#542873",
"refsource" : "NTBUGTRAQ", "refsource": "CERT-VN",
"url" : "http://marc.info/?l=ntbugtraq&m=104558778331387&w=2" "url": "http://www.kb.cert.org/vuls/id/542873"
}, },
{ {
"name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", "name": "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)",
"refsource" : "VULNWATCH", "refsource": "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0080.html" "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0081.html"
}, },
{ {
"name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", "name": "CA-2003-11",
"refsource" : "VULNWATCH", "refsource": "CERT",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0081.html" "url": "http://www.cert.org/advisories/CA-2003-11.html"
}, },
{ {
"name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)", "name": "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)",
"refsource" : "VULNWATCH", "refsource": "NTBUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html" "url": "http://marc.info/?l=ntbugtraq&m=104558777531350&w=2"
}, },
{ {
"name" : "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt", "name": "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)",
"refsource" : "MISC", "refsource": "NTBUGTRAQ",
"url" : "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt" "url": "http://marc.info/?l=ntbugtraq&m=104558777331345&w=2"
}, },
{ {
"name" : "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt", "name": "lotus-domino-hostname-bo(11337)",
"refsource" : "MISC", "refsource": "XF",
"url" : "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11337"
}, },
{ {
"name" : "CA-2003-11", "name": "VU#206361",
"refsource" : "CERT", "refsource": "CERT-VN",
"url" : "http://www.cert.org/advisories/CA-2003-11.html" "url": "http://www.kb.cert.org/vuls/id/206361"
}, },
{ {
"name" : "VU#206361", "name": "lotus-domino-inotes-bo(11336)",
"refsource" : "CERT-VN", "refsource": "XF",
"url" : "http://www.kb.cert.org/vuls/id/206361" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11336"
}, },
{ {
"name" : "VU#542873", "name": "20030217 Domino Advisories UPDATE",
"refsource" : "CERT-VN", "refsource": "NTBUGTRAQ",
"url" : "http://www.kb.cert.org/vuls/id/542873" "url": "http://marc.info/?l=ntbugtraq&m=104558778331387&w=2"
}, },
{ {
"name" : "VU#772817", "name": "6870",
"refsource" : "CERT-VN", "refsource": "BID",
"url" : "http://www.kb.cert.org/vuls/id/772817" "url": "http://www.securityfocus.com/bid/6870"
}, },
{ {
"name" : "N-065", "name": "N-065",
"refsource" : "CIAC", "refsource": "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml" "url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
}, },
{ {
"name" : "6870", "name": "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)",
"refsource" : "BID", "refsource": "VULNWATCH",
"url" : "http://www.securityfocus.com/bid/6870" "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html"
}, },
{ {
"name" : "6871", "name": "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/6871" "url": "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt"
}, },
{ {
"name" : "lotus-domino-hostname-bo(11337)", "name": "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11337" "url": "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt"
}, },
{ {
"name" : "lotus-domino-inotes-bo(11336)", "name": "6871",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11336" "url": "http://www.securityfocus.com/bid/6871"
} }
] ]
} }

92
2003/0xxx/CVE-2003-0196.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0196", "ID": "CVE-2003-0196",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201." "value": "Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)", "name": "oval:org.mitre.oval:def:564",
"refsource" : "BUGTRAQ", "refsource": "OVAL",
"url" : "http://marc.info/?l=bugtraq&m=104973186901597&w=2" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564"
}, },
{ {
"name" : "DSA-280", "name": "DSA-280",
"refsource" : "DEBIAN", "refsource": "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-280" "url": "http://www.debian.org/security/2003/dsa-280"
}, },
{ {
"name" : "MDKSA-2003:044", "name": "MDKSA-2003:044",
"refsource" : "MANDRAKE", "refsource": "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:044" "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:044"
}, },
{ {
"name" : "RHSA-2003:137", "name": "RHSA-2003:137",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-137.html" "url": "http://www.redhat.com/support/errata/RHSA-2003-137.html"
}, },
{ {
"name" : "20030407 Immunix Secured OS 7+ samba update", "name": "20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104974612519064&w=2" "url": "http://marc.info/?l=bugtraq&m=104973186901597&w=2"
}, },
{ {
"name" : "oval:org.mitre.oval:def:564", "name": "20030407 Immunix Secured OS 7+ samba update",
"refsource" : "OVAL", "refsource": "BUGTRAQ",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564" "url": "http://marc.info/?l=bugtraq&m=104974612519064&w=2"
} }
] ]
} }

110
2003/0xxx/CVE-2003-0812.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0812", "ID": "CVE-2003-0812",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file (\"NetSetup.LOG\"), as demonstrated using the NetAddAlternateComputerName API." "value": "Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file (\"NetSetup.LOG\"), as demonstrated using the NetAddAlternateComputerName API."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20031111 EEYE: Windows Workstation Service Remote Buffer Overflow", "name": "20040129 Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)",
"refsource" : "BUGTRAQ", "refsource": "CISCO",
"url" : "http://marc.info/?l=bugtraq&m=106859247713009&w=2" "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml"
}, },
{ {
"name" : "20031112 Proof of concept for Windows Workstation Service overflow", "name": "MS03-049",
"refsource" : "BUGTRAQ", "refsource": "MS",
"url" : "http://marc.info/?l=bugtraq&m=106865197102041&w=2" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-049"
}, },
{ {
"name" : "MS03-049", "name": "9011",
"refsource" : "MS", "refsource": "BID",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-049" "url": "http://www.securityfocus.com/bid/9011"
}, },
{ {
"name" : "20040129 Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)", "name": "20031111 EEYE: Windows Workstation Service Remote Buffer Overflow",
"refsource" : "CISCO", "refsource": "BUGTRAQ",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml" "url": "http://marc.info/?l=bugtraq&m=106859247713009&w=2"
}, },
{ {
"name" : "CA-2003-28", "name": "VU#567620",
"refsource" : "CERT", "refsource": "CERT-VN",
"url" : "http://www.cert.org/advisories/CA-2003-28.html" "url": "http://www.kb.cert.org/vuls/id/567620"
}, },
{ {
"name" : "VU#567620", "name": "20031112 Proof of concept for Windows Workstation Service overflow",
"refsource" : "CERT-VN", "refsource": "BUGTRAQ",
"url" : "http://www.kb.cert.org/vuls/id/567620" "url": "http://marc.info/?l=bugtraq&m=106865197102041&w=2"
}, },
{ {
"name" : "9011", "name": "oval:org.mitre.oval:def:331",
"refsource" : "BID", "refsource": "OVAL",
"url" : "http://www.securityfocus.com/bid/9011" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A331"
}, },
{ {
"name" : "oval:org.mitre.oval:def:331", "name": "CA-2003-28",
"refsource" : "OVAL", "refsource": "CERT",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A331" "url": "http://www.cert.org/advisories/CA-2003-28.html"
}, },
{ {
"name" : "oval:org.mitre.oval:def:575", "name": "oval:org.mitre.oval:def:575",
"refsource" : "OVAL", "refsource": "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A575" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A575"
} }
] ]
} }

104
2003/1xxx/CVE-2003-1177.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1177", "ID": "CVE-2003-1177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server." "value": "Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below", "name": "8861",
"refsource" : "FULLDISC", "refsource": "BID",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html" "url": "http://www.securityfocus.com/bid/8861"
}, },
{ {
"name" : "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html", "name": "10038",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html" "url": "http://secunia.com/advisories/10038"
}, },
{ {
"name" : "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html", "name": "8889",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html" "url": "http://www.securityfocus.com/bid/8889"
}, },
{ {
"name" : "8861", "name": "2688",
"refsource" : "BID", "refsource": "OSVDB",
"url" : "http://www.securityfocus.com/bid/8861" "url": "http://www.osvdb.org/2688"
}, },
{ {
"name" : "8889", "name": "20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below",
"refsource" : "BID", "refsource": "FULLDISC",
"url" : "http://www.securityfocus.com/bid/8889" "url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html"
}, },
{ {
"name" : "2688", "name": "mercur-auth-command-dos(13468)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://www.osvdb.org/2688" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13468"
}, },
{ {
"name" : "10038", "name": "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/10038" "url": "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html"
}, },
{ {
"name" : "mercur-auth-command-dos(13468)", "name": "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13468" "url": "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html"
} }
] ]
} }

80
2003/1xxx/CVE-2003-1239.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1239", "ID": "CVE-2003-1239",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter." "value": "Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20030223 WihPhoto (PHP)", "name": "20030223 WihPhoto (PHP)",
"refsource" : "BUGTRAQ", "refsource": "VULNWATCH",
"url" : "http://www.securityfocus.com/archive/1/312966" "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0092.html"
}, },
{ {
"name" : "20030223 WihPhoto (PHP)", "name": "wihphoto-sendphoto-file-disclosure(11429)",
"refsource" : "VULNWATCH", "refsource": "XF",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0092.html" "url": "http://www.iss.net/security_center/static/11429.php"
}, },
{ {
"name" : "6929", "name": "6929",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/6929" "url": "http://www.securityfocus.com/bid/6929"
}, },
{ {
"name" : "wihphoto-sendphoto-file-disclosure(11429)", "name": "20030223 WihPhoto (PHP)",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "http://www.iss.net/security_center/static/11429.php" "url": "http://www.securityfocus.com/archive/1/312966"
} }
] ]
} }

80
2004/2xxx/CVE-2004-2559.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2559", "ID": "CVE-2004-2559",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks." "value": "DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://wiki.splitbrain.org/wiki:old_changes", "name": "1011802",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "http://wiki.splitbrain.org/wiki:old_changes" "url": "http://securitytracker.com/id?1011802"
}, },
{ {
"name" : "11005", "name": "dokuwiki-acl-gain-access(17799)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://www.osvdb.org/11005" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17799"
}, },
{ {
"name" : "1011802", "name": "11005",
"refsource" : "SECTRACK", "refsource": "OSVDB",
"url" : "http://securitytracker.com/id?1011802" "url": "http://www.osvdb.org/11005"
}, },
{ {
"name" : "dokuwiki-acl-gain-access(17799)", "name": "http://wiki.splitbrain.org/wiki:old_changes",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17799" "url": "http://wiki.splitbrain.org/wiki:old_changes"
} }
] ]
} }

92
2012/0xxx/CVE-2012-0493.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0493", "ID": "CVE-2012-0493",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495." "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", "name": "USN-1397-1",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" "url": "http://www.ubuntu.com/usn/USN-1397-1"
}, },
{ {
"name" : "GLSA-201308-06", "name": "mysql-serveruns15-dos(72538)",
"refsource" : "GENTOO", "refsource": "XF",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72538"
}, },
{ {
"name" : "USN-1397-1", "name": "53372",
"refsource" : "UBUNTU", "refsource": "SECUNIA",
"url" : "http://www.ubuntu.com/usn/USN-1397-1" "url": "http://secunia.com/advisories/53372"
}, },
{ {
"name" : "78394", "name": "GLSA-201308-06",
"refsource" : "OSVDB", "refsource": "GENTOO",
"url" : "http://osvdb.org/78394" "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
}, },
{ {
"name" : "53372", "name": "78394",
"refsource" : "SECUNIA", "refsource": "OSVDB",
"url" : "http://secunia.com/advisories/53372" "url": "http://osvdb.org/78394"
}, },
{ {
"name" : "mysql-serveruns15-dos(72538)", "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72538" "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
} }
] ]
} }

80
2012/0xxx/CVE-2012-0541.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0541", "ID": "CVE-2012-0541",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-My Services." "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-My Services."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", "name": "1026953",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" "url": "http://www.securitytracker.com/id?1026953"
}, },
{ {
"name" : "MDVSA-2013:150", "name": "53100",
"refsource" : "MANDRIVA", "refsource": "BID",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "url": "http://www.securityfocus.com/bid/53100"
}, },
{ {
"name" : "53100", "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/53100" "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
}, },
{ {
"name" : "1026953", "name": "MDVSA-2013:150",
"refsource" : "SECTRACK", "refsource": "MANDRIVA",
"url" : "http://www.securitytracker.com/id?1026953" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
} }
] ]
} }

74
2012/1xxx/CVE-2012-1087.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1087", "ID": "CVE-2012-1087",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." "value": "Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
}, },
{ {
"name" : "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/", "name": "78789",
"refsource" : "CONFIRM", "refsource": "OSVDB",
"url" : "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/" "url": "http://osvdb.org/78789"
}, },
{ {
"name" : "78789", "name": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/",
"refsource" : "OSVDB", "refsource": "CONFIRM",
"url" : "http://osvdb.org/78789" "url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/"
} }
] ]
} }

98
2012/1xxx/CVE-2012-1181.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1181", "ID": "CVE-2012-1181",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit." "value": "fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20120315 CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost", "name": "[oss-security] 20120315 Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/15/10" "url": "http://www.openwall.com/lists/oss-security/2012/03/16/2"
}, },
{ {
"name" : "[oss-security] 20120315 Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost", "name": "apache-modfcgid-dos(74181)",
"refsource" : "MLIST", "refsource": "XF",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/16/2" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74181"
}, },
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814", "name": "DSA-2436",
"refsource" : "CONFIRM", "refsource": "DEBIAN",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814" "url": "http://www.debian.org/security/2012/dsa-2436"
}, },
{ {
"name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=49902", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=49902" "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814"
}, },
{ {
"name" : "DSA-2436", "name": "52565",
"refsource" : "DEBIAN", "refsource": "BID",
"url" : "http://www.debian.org/security/2012/dsa-2436" "url": "http://www.securityfocus.com/bid/52565"
}, },
{ {
"name" : "52565", "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=49902",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/52565" "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=49902"
}, },
{ {
"name" : "apache-modfcgid-dos(74181)", "name": "[oss-security] 20120315 CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost",
"refsource" : "XF", "refsource": "MLIST",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74181" "url": "http://www.openwall.com/lists/oss-security/2012/03/15/10"
} }
] ]
} }

68
2012/1xxx/CVE-2012-1335.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2012-1335", "ID": "CVE-2012-1335",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337." "value": "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20120404 Buffer Overflow Vulnerabilities in the Cisco WebEx Player", "name": "20120404 Buffer Overflow Vulnerabilities in the Cisco WebEx Player",
"refsource" : "CISCO", "refsource": "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex" "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex"
}, },
{ {
"name" : "1026888", "name": "1026888",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026888" "url": "http://www.securitytracker.com/id?1026888"
} }
] ]
} }

22
2012/4xxx/CVE-2012-4101.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-4101", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2012-4101",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }

206
2012/4xxx/CVE-2012-4209.json
View File

@ -1,181 +1,181 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4209", "ID": "CVE-2012-4209",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a \"top\" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin." "value": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a \"top\" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html", "name": "USN-1638-3",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html" "url": "http://www.ubuntu.com/usn/USN-1638-3"
}, },
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=792405", "name": "51370",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=792405" "url": "http://secunia.com/advisories/51370"
}, },
{ {
"name" : "MDVSA-2012:173", "name": "USN-1638-2",
"refsource" : "MANDRIVA", "refsource": "UBUNTU",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" "url": "http://www.ubuntu.com/usn/USN-1638-2"
}, },
{ {
"name" : "RHSA-2012:1482", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1482.html" "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405"
}, },
{ {
"name" : "RHSA-2012:1483", "name": "openSUSE-SU-2012:1586",
"refsource" : "REDHAT", "refsource": "SUSE",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1483.html" "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
}, },
{ {
"name" : "openSUSE-SU-2012:1583", "name": "USN-1636-1",
"refsource" : "SUSE", "refsource": "UBUNTU",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" "url": "http://www.ubuntu.com/usn/USN-1636-1"
}, },
{ {
"name" : "openSUSE-SU-2012:1585", "name": "openSUSE-SU-2013:0175",
"refsource" : "SUSE", "refsource": "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
}, },
{ {
"name" : "openSUSE-SU-2012:1586", "name": "RHSA-2012:1483",
"refsource" : "SUSE", "refsource": "REDHAT",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
}, },
{ {
"name" : "SUSE-SU-2012:1592", "name": "RHSA-2012:1482",
"refsource" : "SUSE", "refsource": "REDHAT",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
}, },
{ {
"name" : "openSUSE-SU-2013:0175", "name": "51434",
"refsource" : "SUSE", "refsource": "SECUNIA",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" "url": "http://secunia.com/advisories/51434"
}, },
{ {
"name" : "USN-1638-1", "name": "openSUSE-SU-2012:1583",
"refsource" : "UBUNTU", "refsource": "SUSE",
"url" : "http://www.ubuntu.com/usn/USN-1638-1" "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
}, },
{ {
"name" : "USN-1638-3", "name": "51439",
"refsource" : "UBUNTU", "refsource": "SECUNIA",
"url" : "http://www.ubuntu.com/usn/USN-1638-3" "url": "http://secunia.com/advisories/51439"
}, },
{ {
"name" : "USN-1638-2", "name": "51440",
"refsource" : "UBUNTU", "refsource": "SECUNIA",
"url" : "http://www.ubuntu.com/usn/USN-1638-2" "url": "http://secunia.com/advisories/51440"
}, },
{ {
"name" : "USN-1636-1", "name": "USN-1638-1",
"refsource" : "UBUNTU", "refsource": "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1636-1" "url": "http://www.ubuntu.com/usn/USN-1638-1"
}, },
{ {
"name" : "56629", "name": "SUSE-SU-2012:1592",
"refsource" : "BID", "refsource": "SUSE",
"url" : "http://www.securityfocus.com/bid/56629" "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
}, },
{ {
"name" : "oval:org.mitre.oval:def:16880", "name": "firefox-toplocation-xss(80181)",
"refsource" : "OVAL", "refsource": "XF",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181"
}, },
{ {
"name" : "51359", "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/51359" "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html"
}, },
{ {
"name" : "51360", "name": "51359",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/51360" "url": "http://secunia.com/advisories/51359"
}, },
{ {
"name" : "51369", "name": "MDVSA-2012:173",
"refsource" : "SECUNIA", "refsource": "MANDRIVA",
"url" : "http://secunia.com/advisories/51369" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
}, },
{ {
"name" : "51381", "name": "openSUSE-SU-2012:1585",
"refsource" : "SECUNIA", "refsource": "SUSE",
"url" : "http://secunia.com/advisories/51381" "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
}, },
{ {
"name" : "51434", "name": "56629",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/51434" "url": "http://www.securityfocus.com/bid/56629"
}, },
{ {
"name" : "51439", "name": "51381",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/51439" "url": "http://secunia.com/advisories/51381"
}, },
{ {
"name" : "51440", "name": "oval:org.mitre.oval:def:16880",
"refsource" : "SECUNIA", "refsource": "OVAL",
"url" : "http://secunia.com/advisories/51440" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880"
}, },
{ {
"name" : "51370", "name": "51369",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/51370" "url": "http://secunia.com/advisories/51369"
}, },
{ {
"name" : "firefox-toplocation-xss(80181)", "name": "51360",
"refsource" : "XF", "refsource": "SECUNIA",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181" "url": "http://secunia.com/advisories/51360"
} }
] ]
} }

128
2012/4xxx/CVE-2012-4294.json
View File

@ -1,116 +1,116 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4294", "ID": "CVE-2012-4294",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value." "value": "Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377", "name": "55035",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377" "url": "http://www.securityfocus.com/bid/55035"
}, },
{ {
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377", "name": "54425",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377" "url": "http://secunia.com/advisories/54425"
}, },
{ {
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-16.html", "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-16.html" "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377"
}, },
{ {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563", "name": "oval:org.mitre.oval:def:15673",
"refsource" : "CONFIRM", "refsource": "OVAL",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15673"
}, },
{ {
"name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3"
}, },
{ {
"name" : "GLSA-201308-05", "name": "GLSA-201308-05",
"refsource" : "GENTOO", "refsource": "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
}, },
{ {
"name" : "openSUSE-SU-2012:1067", "name": "51363",
"refsource" : "SUSE", "refsource": "SECUNIA",
"url" : "https://hermes.opensuse.org/messages/15514562" "url": "http://secunia.com/advisories/51363"
}, },
{ {
"name" : "55035", "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/55035" "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377"
}, },
{ {
"name" : "oval:org.mitre.oval:def:15673", "name": "http://www.wireshark.org/security/wnpa-sec-2012-16.html",
"refsource" : "OVAL", "refsource": "CONFIRM",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15673" "url": "http://www.wireshark.org/security/wnpa-sec-2012-16.html"
}, },
{ {
"name" : "51363", "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/51363" "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563"
}, },
{ {
"name" : "50276", "name": "50276",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/50276" "url": "http://secunia.com/advisories/50276"
}, },
{ {
"name" : "54425", "name": "openSUSE-SU-2012:1067",
"refsource" : "SECUNIA", "refsource": "SUSE",
"url" : "http://secunia.com/advisories/54425" "url": "https://hermes.opensuse.org/messages/15514562"
} }
] ]
} }

80
2012/4xxx/CVE-2012-4333.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4333", "ID": "CVE-2012-4333",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information." "value": "Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "18765", "name": "18765",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18765" "url": "http://www.exploit-db.com/exploits/18765"
}, },
{ {
"name" : "53193", "name": "53193",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/53193" "url": "http://www.securityfocus.com/bid/53193"
}, },
{ {
"name" : "48966", "name": "48966",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/48966" "url": "http://secunia.com/advisories/48966"
}, },
{ {
"name" : "netiware-activex-control-bo(75070)", "name": "netiware-activex-control-bo(75070)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75070" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75070"
} }
] ]
} }

68
2012/4xxx/CVE-2012-4629.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2012-4629", "ID": "CVE-2012-4629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603." "value": "The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20120912 Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability", "name": "20120912 Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability",
"refsource" : "CISCO", "refsource": "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx" "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx"
}, },
{ {
"name" : "55515", "name": "55515",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/55515" "url": "http://www.securityfocus.com/bid/55515"
} }
] ]
} }

116
2012/5xxx/CVE-2012-5088.json
View File

@ -1,106 +1,106 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-5088", "ID": "CVE-2012-5088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries." "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "name": "SUSE-SU-2012:1398",
"refsource" : "CONFIRM", "refsource": "SUSE",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
}, },
{ {
"name" : "RHSA-2012:1386", "name": "RHSA-2012:1386",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1386.html" "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
}, },
{ {
"name" : "RHSA-2012:1391", "name": "oval:org.mitre.oval:def:16605",
"refsource" : "REDHAT", "refsource": "OVAL",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16605"
}, },
{ {
"name" : "RHSA-2012:1467", "name": "RHSA-2012:1391",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
}, },
{ {
"name" : "SUSE-SU-2012:1398", "name": "51029",
"refsource" : "SUSE", "refsource": "SECUNIA",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" "url": "http://secunia.com/advisories/51029"
}, },
{ {
"name" : "oval:org.mitre.oval:def:16605", "name": "51390",
"refsource" : "OVAL", "refsource": "SECUNIA",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16605" "url": "http://secunia.com/advisories/51390"
}, },
{ {
"name" : "51029", "name": "RHSA-2012:1467",
"refsource" : "SECUNIA", "refsource": "REDHAT",
"url" : "http://secunia.com/advisories/51029" "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
}, },
{ {
"name" : "51326", "name": "javaruntimeenvironment-lib-cve20125088(79420)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/51326" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79420"
}, },
{ {
"name" : "51390", "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/51390" "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
}, },
{ {
"name" : "javaruntimeenvironment-lib-cve20125088(79420)", "name": "51326",
"refsource" : "XF", "refsource": "SECUNIA",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79420" "url": "http://secunia.com/advisories/51326"
} }
] ]
} }

80
2017/2xxx/CVE-2017-2383.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2383", "ID": "CVE-2017-2383",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the \"APNs Server\" component. It allows man-in-the-middle attackers to track users via correlation with this certificate." "value": "An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the \"APNs Server\" component. It allows man-in-the-middle attackers to track users via correlation with this certificate."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://support.apple.com/HT207599", "name": "1038157",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://support.apple.com/HT207599" "url": "http://www.securitytracker.com/id/1038157"
}, },
{ {
"name" : "https://support.apple.com/HT207607", "name": "97175",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://support.apple.com/HT207607" "url": "http://www.securityfocus.com/bid/97175"
}, },
{ {
"name" : "97175", "name": "https://support.apple.com/HT207607",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/97175" "url": "https://support.apple.com/HT207607"
}, },
{ {
"name" : "1038157", "name": "https://support.apple.com/HT207599",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1038157" "url": "https://support.apple.com/HT207599"
} }
] ]
} }

122
2017/2xxx/CVE-2017-2633.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "anemec@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-2633", "ID": "CVE-2017-2633",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Qemu:", "product_name": "Qemu:",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.7.2" "version_value": "1.7.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "QEMU" "vendor_name": "QEMU"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process." "value": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process."
} }
] ]
}, },
"impact" : { "impact": {
"cvss" : [ "cvss": [
[ [
{ {
"vectorString" : "5.4/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "vectorString": "5.4/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version" : "3.0" "version": "3.0"
} }
], ],
[ [
{ {
"vectorString" : "3.8/AV:A/AC:M/Au:S/C:N/I:P/A:P", "vectorString": "3.8/AV:A/AC:M/Au:S/C:N/I:P/A:P",
"version" : "2.0" "version": "2.0"
} }
] ]
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-120" "value": "CWE-120"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit", "name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/23/1" "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1"
}, },
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633", "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633" "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef"
}, },
{ {
"name" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7", "name": "RHSA-2017:1206",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7" "url": "https://access.redhat.com/errata/RHSA-2017:1206"
}, },
{ {
"name" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef", "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef" "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7"
}, },
{ {
"name" : "RHSA-2017:1205", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2017:1205" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633"
}, },
{ {
"name" : "RHSA-2017:1206", "name": "RHSA-2017:1441",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1206" "url": "https://access.redhat.com/errata/RHSA-2017:1441"
}, },
{ {
"name" : "RHSA-2017:1441", "name": "96417",
"refsource" : "REDHAT", "refsource": "BID",
"url" : "https://access.redhat.com/errata/RHSA-2017:1441" "url": "http://www.securityfocus.com/bid/96417"
}, },
{ {
"name" : "RHSA-2017:1856", "name": "RHSA-2017:1856",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1856" "url": "https://access.redhat.com/errata/RHSA-2017:1856"
}, },
{ {
"name" : "96417", "name": "RHSA-2017:1205",
"refsource" : "BID", "refsource": "REDHAT",
"url" : "http://www.securityfocus.com/bid/96417" "url": "https://access.redhat.com/errata/RHSA-2017:1205"
} }
] ]
} }

76
2017/2xxx/CVE-2017-2901.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-01-11T00:00:00", "DATE_PUBLIC": "2018-01-11T00:00:00",
"ID" : "CVE-2017-2901", "ID": "CVE-2017-2901",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Blender", "product_name": "Blender",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "v2.78c" "version_value": "v2.78c"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Blender" "vendor_name": "Blender"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability." "value": "An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "buffer overflow" "value": "buffer overflow"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html" "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
}, },
{ {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408", "name": "DSA-4248",
"refsource" : "MISC", "refsource": "DEBIAN",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408" "url": "https://www.debian.org/security/2018/dsa-4248"
}, },
{ {
"name" : "DSA-4248", "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408",
"refsource" : "DEBIAN", "refsource": "MISC",
"url" : "https://www.debian.org/security/2018/dsa-4248" "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408"
} }
] ]
} }

86
2017/3xxx/CVE-2017-3079.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-3079", "ID": "CVE-2017-3079",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Flash Player 25.0.0.171 and earlier.", "product_name": "Adobe Flash Player 25.0.0.171 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Flash Player 25.0.0.171 and earlier." "version_value": "Adobe Flash Player 25.0.0.171 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution." "value": "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Memory Corruption" "value": "Memory Corruption"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html"
}, },
{ {
"name" : "GLSA-201707-15", "name": "99025",
"refsource" : "GENTOO", "refsource": "BID",
"url" : "https://security.gentoo.org/glsa/201707-15" "url": "http://www.securityfocus.com/bid/99025"
}, },
{ {
"name" : "RHSA-2017:1439", "name": "1038655",
"refsource" : "REDHAT", "refsource": "SECTRACK",
"url" : "https://access.redhat.com/errata/RHSA-2017:1439" "url": "http://www.securitytracker.com/id/1038655"
}, },
{ {
"name" : "99025", "name": "RHSA-2017:1439",
"refsource" : "BID", "refsource": "REDHAT",
"url" : "http://www.securityfocus.com/bid/99025" "url": "https://access.redhat.com/errata/RHSA-2017:1439"
}, },
{ {
"name" : "1038655", "name": "GLSA-201707-15",
"refsource" : "SECTRACK", "refsource": "GENTOO",
"url" : "http://www.securitytracker.com/id/1038655" "url": "https://security.gentoo.org/glsa/201707-15"
} }
] ]
} }

190
2017/3xxx/CVE-2017-3241.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3241", "ID": "CVE-2017-3241",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Java SE", "product_name": "Java SE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6u131" "version_value": "6u131"
}, },
{ {
"version_value" : "7u121" "version_value": "7u121"
}, },
{ {
"version_value" : "8u112" "version_value": "8u112"
} }
] ]
} }
}, },
{ {
"product_name" : "Java SE Embedded", "product_name": "Java SE Embedded",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8u111" "version_value": "8u111"
} }
] ]
} }
}, },
{ {
"product_name" : "JRockit", "product_name": "JRockit",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "R28.3.12" "version_value": "R28.3.12"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)." "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" "value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "41145", "name": "RHSA-2017:0338",
"refsource" : "EXPLOIT-DB", "refsource": "REDHAT",
"url" : "https://www.exploit-db.com/exploits/41145/" "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html"
}, },
{ {
"name" : "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/", "name": "DSA-3782",
"refsource" : "MISC", "refsource": "DEBIAN",
"url" : "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/" "url": "http://www.debian.org/security/2017/dsa-3782"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "name": "RHSA-2017:0176",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html"
}, },
{ {
"name" : "https://security.netapp.com/advisory/ntap-20170119-0001/", "name": "GLSA-201701-65",
"refsource" : "CONFIRM", "refsource": "GENTOO",
"url" : "https://security.netapp.com/advisory/ntap-20170119-0001/" "url": "https://security.gentoo.org/glsa/201701-65"
}, },
{ {
"name" : "DSA-3782", "name": "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/",
"refsource" : "DEBIAN", "refsource": "MISC",
"url" : "http://www.debian.org/security/2017/dsa-3782" "url": "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/"
}, },
{ {
"name" : "GLSA-201701-65", "name": "RHSA-2017:0180",
"refsource" : "GENTOO", "refsource": "REDHAT",
"url" : "https://security.gentoo.org/glsa/201701-65" "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html"
}, },
{ {
"name" : "GLSA-201707-01", "name": "1037637",
"refsource" : "GENTOO", "refsource": "SECTRACK",
"url" : "https://security.gentoo.org/glsa/201707-01" "url": "http://www.securitytracker.com/id/1037637"
}, },
{ {
"name" : "RHSA-2017:0175", "name": "GLSA-201707-01",
"refsource" : "REDHAT", "refsource": "GENTOO",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0175.html" "url": "https://security.gentoo.org/glsa/201707-01"
}, },
{ {
"name" : "RHSA-2017:0176", "name": "RHSA-2017:0175",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0176.html" "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html"
}, },
{ {
"name" : "RHSA-2017:0177", "name": "RHSA-2017:0177",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0177.html" "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html"
}, },
{ {
"name" : "RHSA-2017:0180", "name": "RHSA-2017:0263",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0180.html" "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html"
}, },
{ {
"name" : "RHSA-2017:0263", "name": "RHSA-2017:1216",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0263.html" "url": "https://access.redhat.com/errata/RHSA-2017:1216"
}, },
{ {
"name" : "RHSA-2017:0269", "name": "https://security.netapp.com/advisory/ntap-20170119-0001/",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0269.html" "url": "https://security.netapp.com/advisory/ntap-20170119-0001/"
}, },
{ {
"name" : "RHSA-2017:0336", "name": "RHSA-2017:0269",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0336.html" "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html"
}, },
{ {
"name" : "RHSA-2017:0337", "name": "41145",
"refsource" : "REDHAT", "refsource": "EXPLOIT-DB",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0337.html" "url": "https://www.exploit-db.com/exploits/41145/"
}, },
{ {
"name" : "RHSA-2017:0338", "name": "95488",
"refsource" : "REDHAT", "refsource": "BID",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0338.html" "url": "http://www.securityfocus.com/bid/95488"
}, },
{ {
"name" : "RHSA-2017:1216", "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2017:1216" "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}, },
{ {
"name" : "95488", "name": "RHSA-2017:0337",
"refsource" : "BID", "refsource": "REDHAT",
"url" : "http://www.securityfocus.com/bid/95488" "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html"
}, },
{ {
"name" : "1037637", "name": "RHSA-2017:0336",
"refsource" : "SECTRACK", "refsource": "REDHAT",
"url" : "http://www.securitytracker.com/id/1037637" "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html"
} }
] ]
} }

86
2017/3xxx/CVE-2017-3587.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3587", "ID": "CVE-2017-3587",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Oracle VM VirtualBox", "product_name": "Oracle VM VirtualBox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "5.0.38" "version_value": "5.0.38"
}, },
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "5.1.20" "version_value": "5.1.20"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)." "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "41932", "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "EXPLOIT-DB", "refsource": "CONFIRM",
"url" : "https://www.exploit-db.com/exploits/41932/" "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "name": "1038288",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "url": "http://www.securitytracker.com/id/1038288"
}, },
{ {
"name" : "97750", "name": "41932",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/97750" "url": "https://www.exploit-db.com/exploits/41932/"
}, },
{ {
"name" : "1038288", "name": "97750",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1038288" "url": "http://www.securityfocus.com/bid/97750"
} }
] ]
} }

76
2017/3xxx/CVE-2017-3621.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3621", "ID": "CVE-2017-3621",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Sun ZFS Storage Appliance Kit (AK) Software", "product_name": "Sun ZFS Storage Appliance Kit (AK) Software",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "AK 2013" "version_value": "AK 2013"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: IPC Frameworks). The supported version that is affected is AK 2013. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." "value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: IPC Frameworks). The supported version that is affected is AK 2013. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK)." "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK)."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
}, },
{ {
"name" : "97801", "name": "1038292",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/97801" "url": "http://www.securitytracker.com/id/1038292"
}, },
{ {
"name" : "1038292", "name": "97801",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1038292" "url": "http://www.securityfocus.com/bid/97801"
} }
] ]
} }

68
2017/6xxx/CVE-2017-6692.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6692", "ID": "CVE-2017-6692",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Ultra Services Framework Element Manager", "product_name": "Cisco Ultra Services Framework Element Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Ultra Services Framework Element Manager" "version_value": "Cisco Ultra Services Framework Element Manager"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839." "value": "A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Insecure Default Account Information Vulnerability" "value": "Insecure Default Account Information Vulnerability"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6"
}, },
{ {
"name" : "98980", "name": "98980",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/98980" "url": "http://www.securityfocus.com/bid/98980"
} }
] ]
} }

76
2017/6xxx/CVE-2017-6790.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2017-08-16T00:00:00", "DATE_PUBLIC": "2017-08-16T00:00:00",
"ID" : "CVE-2017-6790", "ID": "CVE-2017-6790",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "TelePresence Video Communication Server (VCS)", "product_name": "TelePresence Video Communication Server (VCS)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco Systems, Inc." "vendor_name": "Cisco Systems, Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897." "value": "A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Denial of Service" "value": "Denial of Service"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20170816 Cisco TelePresence Video Communication Server Denial of Service Vulnerability", "name": "100369",
"refsource" : "CISCO", "refsource": "BID",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs" "url": "http://www.securityfocus.com/bid/100369"
}, },
{ {
"name" : "100369", "name": "1039185",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/100369" "url": "http://www.securitytracker.com/id/1039185"
}, },
{ {
"name" : "1039185", "name": "20170816 Cisco TelePresence Video Communication Server Denial of Service Vulnerability",
"refsource" : "SECTRACK", "refsource": "CISCO",
"url" : "http://www.securitytracker.com/id/1039185" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs"
} }
] ]
} }

68
2017/6xxx/CVE-2017-6918.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6918", "ID": "CVE-2017-6918",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed." "value": "CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf", "name": "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf" "url": "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf"
}, },
{ {
"name" : "https://github.com/bigtreecms/BigTree-CMS/issues/275", "name": "https://github.com/bigtreecms/BigTree-CMS/issues/275",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/bigtreecms/BigTree-CMS/issues/275" "url": "https://github.com/bigtreecms/BigTree-CMS/issues/275"
} }
] ]
} }

92
2017/7xxx/CVE-2017-7160.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7160", "ID": "CVE-2017-7160",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." "value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://support.apple.com/HT208324", "name": "https://support.apple.com/HT208327",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.apple.com/HT208324" "url": "https://support.apple.com/HT208327"
}, },
{ {
"name" : "https://support.apple.com/HT208326", "name": "https://support.apple.com/HT208334",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.apple.com/HT208326" "url": "https://support.apple.com/HT208334"
}, },
{ {
"name" : "https://support.apple.com/HT208327", "name": "https://support.apple.com/HT208324",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.apple.com/HT208327" "url": "https://support.apple.com/HT208324"
}, },
{ {
"name" : "https://support.apple.com/HT208328", "name": "https://support.apple.com/HT208326",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.apple.com/HT208328" "url": "https://support.apple.com/HT208326"
}, },
{ {
"name" : "https://support.apple.com/HT208334", "name": "USN-3551-1",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "https://support.apple.com/HT208334" "url": "https://usn.ubuntu.com/3551-1/"
}, },
{ {
"name" : "USN-3551-1", "name": "https://support.apple.com/HT208328",
"refsource" : "UBUNTU", "refsource": "CONFIRM",
"url" : "https://usn.ubuntu.com/3551-1/" "url": "https://support.apple.com/HT208328"
} }
] ]
} }

82
2017/7xxx/CVE-2017-7815.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-7815", "ID": "CVE-2017-7815",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "56" "version_value": "56"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "On pages containing an iframe, the \"data:\" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox < 56." "value": "On pages containing an iframe, the \"data:\" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox < 56."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Spoofing attack with modal dialogs on non-e10s installations" "value": "Spoofing attack with modal dialogs on non-e10s installations"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1368981", "name": "1039465",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1368981" "url": "http://www.securitytracker.com/id/1039465"
}, },
{ {
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/", "name": "https://www.mozilla.org/security/advisories/mfsa2017-21/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/" "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/"
}, },
{ {
"name" : "101057", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1368981",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/101057" "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1368981"
}, },
{ {
"name" : "1039465", "name": "101057",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1039465" "url": "http://www.securityfocus.com/bid/101057"
} }
] ]
} }

82
2017/7xxx/CVE-2017-7816.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-7816", "ID": "CVE-2017-7816",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "56" "version_value": "56"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "WebExtensions could use popups and panels in the extension UI to load an \"about:\" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56." "value": "WebExtensions could use popups and panels in the extension UI to load an \"about:\" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "WebExtensions can load about: URLs in extension UI" "value": "WebExtensions can load about: URLs in extension UI"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1380597", "name": "1039465",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1380597" "url": "http://www.securitytracker.com/id/1039465"
}, },
{ {
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/", "name": "https://www.mozilla.org/security/advisories/mfsa2017-21/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/" "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/"
}, },
{ {
"name" : "101057", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1380597",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/101057" "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1380597"
}, },
{ {
"name" : "1039465", "name": "101057",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1039465" "url": "http://www.securityfocus.com/bid/101057"
} }
] ]
} }

80
2017/7xxx/CVE-2017-7981.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7981", "ID": "CVE-2017-7981",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax=\"c;id\"' line to execute the id command." "value": "Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '<?plugin SyntaxHighlighter syntax=\"c;id\"' line to execute the id command."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "41953", "name": "https://tuleap.net/file/shownotes.php?release_id=137#/linked-artifacts",
"refsource" : "EXPLOIT-DB", "refsource": "MISC",
"url" : "https://www.exploit-db.com/exploits/41953/" "url": "https://tuleap.net/file/shownotes.php?release_id=137#/linked-artifacts"
}, },
{ {
"name" : "https://github.com/xdrr/vulnerability-research/blob/master/webapp/tuleap/2017.04.tuleap-auth-ci.md", "name": "https://github.com/xdrr/vulnerability-research/blob/master/webapp/tuleap/2017.04.tuleap-auth-ci.md",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/xdrr/vulnerability-research/blob/master/webapp/tuleap/2017.04.tuleap-auth-ci.md" "url": "https://github.com/xdrr/vulnerability-research/blob/master/webapp/tuleap/2017.04.tuleap-auth-ci.md"
}, },
{ {
"name" : "https://tuleap.net/file/shownotes.php?release_id=137#/linked-artifacts", "name": "https://tuleap.net/plugins/tracker/?aid=10159",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://tuleap.net/file/shownotes.php?release_id=137#/linked-artifacts" "url": "https://tuleap.net/plugins/tracker/?aid=10159"
}, },
{ {
"name" : "https://tuleap.net/plugins/tracker/?aid=10159", "name": "41953",
"refsource" : "MISC", "refsource": "EXPLOIT-DB",
"url" : "https://tuleap.net/plugins/tracker/?aid=10159" "url": "https://www.exploit-db.com/exploits/41953/"
} }
] ]
} }

22
2018/10xxx/CVE-2018-10103.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10103", "ID": "CVE-2018-10103",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

68
2018/10xxx/CVE-2018-10468.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10468", "ID": "CVE-2018-10468",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the \"transferFlaw\" issue." "value": "The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the \"transferFlaw\" issue."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://medium.com/@jonghyk.song/uselessethereumtoken-uet-erc20-token-allows-attackers-to-steal-all-victims-balances-543d42ac808e", "name": "https://peckshield.com/2018/04/28/transferFlaw/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://medium.com/@jonghyk.song/uselessethereumtoken-uet-erc20-token-allows-attackers-to-steal-all-victims-balances-543d42ac808e" "url": "https://peckshield.com/2018/04/28/transferFlaw/"
}, },
{ {
"name" : "https://peckshield.com/2018/04/28/transferFlaw/", "name": "https://medium.com/@jonghyk.song/uselessethereumtoken-uet-erc20-token-allows-attackers-to-steal-all-victims-balances-543d42ac808e",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://peckshield.com/2018/04/28/transferFlaw/" "url": "https://medium.com/@jonghyk.song/uselessethereumtoken-uet-erc20-token-allows-attackers-to-steal-all-victims-balances-543d42ac808e"
} }
] ]
} }

22
2018/10xxx/CVE-2018-10687.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10687", "ID": "CVE-2018-10687",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2018/10xxx/CVE-2018-10773.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10773", "ID": "CVE-2018-10773",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "NULL pointer deference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml." "value": "NULL pointer deference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://docs.google.com/document/d/1k598A16gV9HPwFXnYkyrPwoRbnbFX6LAMRyzb_dxLCM/edit", "name": "https://docs.google.com/document/d/1k598A16gV9HPwFXnYkyrPwoRbnbFX6LAMRyzb_dxLCM/edit",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://docs.google.com/document/d/1k598A16gV9HPwFXnYkyrPwoRbnbFX6LAMRyzb_dxLCM/edit" "url": "https://docs.google.com/document/d/1k598A16gV9HPwFXnYkyrPwoRbnbFX6LAMRyzb_dxLCM/edit"
} }
] ]
} }

74
2018/14xxx/CVE-2018-14767.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14767", "ID": "CVE-2018-14767",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double \"To\" header and an empty \"To\" tag causes a segmentation fault and crash. The reason is missing input validation in the \"build_res_buf_from_sip_req\" core function. This could result in denial of service and potentially the execution of arbitrary code." "value": "In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double \"To\" header and an empty \"To\" tag causes a segmentation fault and crash. The reason is missing input validation in the \"build_res_buf_from_sip_req\" core function. This could result in denial of service and potentially the execution of arbitrary code."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[debian-lts-announce] 20180819 [SECURITY] [DLA 1471-1] kamailio security update", "name": "DSA-4267",
"refsource" : "MLIST", "refsource": "DEBIAN",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00018.html" "url": "https://www.debian.org/security/2018/dsa-4267"
}, },
{ {
"name" : "https://skalatan.de/blog/advisory-hw-2018-05", "name": "[debian-lts-announce] 20180819 [SECURITY] [DLA 1471-1] kamailio security update",
"refsource" : "MISC", "refsource": "MLIST",
"url" : "https://skalatan.de/blog/advisory-hw-2018-05" "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00018.html"
}, },
{ {
"name" : "DSA-4267", "name": "https://skalatan.de/blog/advisory-hw-2018-05",
"refsource" : "DEBIAN", "refsource": "MISC",
"url" : "https://www.debian.org/security/2018/dsa-4267" "url": "https://skalatan.de/blog/advisory-hw-2018-05"
} }
] ]
} }

116
2018/14xxx/CVE-2018-14851.json
View File

@ -1,106 +1,106 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14851", "ID": "CVE-2018-14851",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file." "value": "exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[debian-lts-announce] 20180901 [SECURITY] [DLA 1490-1] php5 security update", "name": "104871",
"refsource" : "MLIST", "refsource": "BID",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html" "url": "http://www.securityfocus.com/bid/104871"
}, },
{ {
"name" : "http://php.net/ChangeLog-5.php", "name": "http://php.net/ChangeLog-5.php",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://php.net/ChangeLog-5.php" "url": "http://php.net/ChangeLog-5.php"
}, },
{ {
"name" : "http://php.net/ChangeLog-7.php", "name": "https://security.netapp.com/advisory/ntap-20181107-0003/",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "http://php.net/ChangeLog-7.php" "url": "https://security.netapp.com/advisory/ntap-20181107-0003/"
}, },
{ {
"name" : "https://bugs.php.net/bug.php?id=76557", "name": "USN-3766-1",
"refsource" : "MISC", "refsource": "UBUNTU",
"url" : "https://bugs.php.net/bug.php?id=76557" "url": "https://usn.ubuntu.com/3766-1/"
}, },
{ {
"name" : "https://www.tenable.com/security/tns-2018-12", "name": "https://www.tenable.com/security/tns-2018-12",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://www.tenable.com/security/tns-2018-12" "url": "https://www.tenable.com/security/tns-2018-12"
}, },
{ {
"name" : "https://security.netapp.com/advisory/ntap-20181107-0003/", "name": "http://php.net/ChangeLog-7.php",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "https://security.netapp.com/advisory/ntap-20181107-0003/" "url": "http://php.net/ChangeLog-7.php"
}, },
{ {
"name" : "DSA-4353", "name": "https://bugs.php.net/bug.php?id=76557",
"refsource" : "DEBIAN", "refsource": "MISC",
"url" : "https://www.debian.org/security/2018/dsa-4353" "url": "https://bugs.php.net/bug.php?id=76557"
}, },
{ {
"name" : "USN-3766-1", "name": "DSA-4353",
"refsource" : "UBUNTU", "refsource": "DEBIAN",
"url" : "https://usn.ubuntu.com/3766-1/" "url": "https://www.debian.org/security/2018/dsa-4353"
}, },
{ {
"name" : "USN-3766-2", "name": "[debian-lts-announce] 20180901 [SECURITY] [DLA 1490-1] php5 security update",
"refsource" : "UBUNTU", "refsource": "MLIST",
"url" : "https://usn.ubuntu.com/3766-2/" "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html"
}, },
{ {
"name" : "104871", "name": "USN-3766-2",
"refsource" : "BID", "refsource": "UBUNTU",
"url" : "http://www.securityfocus.com/bid/104871" "url": "https://usn.ubuntu.com/3766-2/"
} }
] ]
} }

62
2018/14xxx/CVE-2018-14905.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14905", "ID": "CVE-2018-14905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter." "value": "The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79", "name": "https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79" "url": "https://medium.com/stolabs/security-issues-on-3cx-web-service-d9dc7f1bea79"
} }
] ]
} }

22
2018/17xxx/CVE-2018-17167.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17167", "ID": "CVE-2018-17167",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2018/17xxx/CVE-2018-17566.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17566", "ID": "CVE-2018-17566",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request." "value": "In ThinkPHP 5.1.24, the inner function delete can be used for SQL injection when its WHERE condition's value can be controlled by a user's request."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/top-think/think/issues/858", "name": "https://github.com/top-think/think/issues/858",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/top-think/think/issues/858" "url": "https://github.com/top-think/think/issues/858"
} }
] ]
} }

22
2018/17xxx/CVE-2018-17865.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17865", "ID": "CVE-2018-17865",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/20xxx/CVE-2018-20074.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20074", "ID": "CVE-2018-20074",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

74
2018/20xxx/CVE-2018-20123.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20123", "ID": "CVE-2018-20123",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error." "value": "pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20181213 CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug", "name": "106219",
"refsource" : "MLIST", "refsource": "BID",
"url" : "http://www.openwall.com/lists/oss-security/2018/12/13/4" "url": "http://www.securityfocus.com/bid/106219"
}, },
{ {
"name" : "[qemu-devel] 20181212 Re: [PATCH] pvrdma: release device resources in case of an error", "name": "[oss-security] 20181213 CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html" "url": "http://www.openwall.com/lists/oss-security/2018/12/13/4"
}, },
{ {
"name" : "106219", "name": "[qemu-devel] 20181212 Re: [PATCH] pvrdma: release device resources in case of an error",
"refsource" : "BID", "refsource": "MLIST",
"url" : "http://www.securityfocus.com/bid/106219" "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html"
} }
] ]
} }

22
2018/20xxx/CVE-2018-20765.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20765", "ID": "CVE-2018-20765",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

80
2018/9xxx/CVE-2018-9107.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9107", "ID": "CVE-2018-9107",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export." "value": "CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla! via a value that is mishandled in a CSV export."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "44369", "name": "https://www.acyba.com/acymailing/change-log.html",
"refsource" : "EXPLOIT-DB", "refsource": "MISC",
"url" : "https://www.exploit-db.com/exploits/44369/" "url": "https://www.acyba.com/acymailing/change-log.html"
}, },
{ {
"name" : "https://vel.joomla.org/articles/2140-introducing-csv-injection", "name": "44369",
"refsource" : "MISC", "refsource": "EXPLOIT-DB",
"url" : "https://vel.joomla.org/articles/2140-introducing-csv-injection" "url": "https://www.exploit-db.com/exploits/44369/"
}, },
{ {
"name" : "https://vel.joomla.org/resolved/2136-acymailing-5-9-5-csv-injection", "name": "https://vel.joomla.org/resolved/2136-acymailing-5-9-5-csv-injection",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://vel.joomla.org/resolved/2136-acymailing-5-9-5-csv-injection" "url": "https://vel.joomla.org/resolved/2136-acymailing-5-9-5-csv-injection"
}, },
{ {
"name" : "https://www.acyba.com/acymailing/change-log.html", "name": "https://vel.joomla.org/articles/2140-introducing-csv-injection",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.acyba.com/acymailing/change-log.html" "url": "https://vel.joomla.org/articles/2140-introducing-csv-injection"
} }
] ]
} }

62
2018/9xxx/CVE-2018-9158.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9158", "ID": "CVE-2018-9158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end." "value": "An issue was discovered on AXIS M1033-W (IP camera) Firmware version 5.40.5.1 devices. They don't employ a suitable mechanism to prevent a DoS attack, which leads to a response time delay. An attacker can use the hping3 tool to perform an IPv4 flood attack, and the services are interrupted from attack start to end."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.slideshare.net/secret/HpAEwK5qo5U4b1", "name": "https://www.slideshare.net/secret/HpAEwK5qo5U4b1",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.slideshare.net/secret/HpAEwK5qo5U4b1" "url": "https://www.slideshare.net/secret/HpAEwK5qo5U4b1"
} }
] ]
} }

88
2018/9xxx/CVE-2018-9493.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-10-02T00:00:00", "DATE_PUBLIC": "2018-10-02T00:00:00",
"ID" : "CVE-2018-9493", "ID": "CVE-2018-9493",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900" "value": "In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900"
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Information disclosure" "value": "Information disclosure"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb,", "name": "https://source.android.com/security/bulletin/2018-10-01,",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb," "url": "https://source.android.com/security/bulletin/2018-10-01,"
}, },
{ {
"name" : "https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf", "name": "https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf" "url": "https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf"
}, },
{ {
"name" : "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107,", "name": "105484",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107," "url": "http://www.securityfocus.com/bid/105484"
}, },
{ {
"name" : "https://source.android.com/security/bulletin/2018-10-01,", "name": "https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb,",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "https://source.android.com/security/bulletin/2018-10-01," "url": "https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb,"
}, },
{ {
"name" : "105484", "name": "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107,",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/105484" "url": "https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107,"
} }
] ]
} }