admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 07:12:31 +00:00
parent 6197583952
commit 1a3df0b8bd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3597 additions and 3597 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
2002/0xxx/CVE-2002-0074.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0074", "ID": "CVE-2002-0074",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2002/Apr/0126.html" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session."
{ }
"name" : "http://www.cgisecurity.com/advisory/9.txt", ]
"refsource" : "MISC", },
"url" : "http://www.cgisecurity.com/advisory/9.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS02-018", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CA-2002-09", ]
"refsource" : "CERT", }
"url" : "http://www.cert.org/advisories/CA-2002-09.html" ]
}, },
{ "references": {
"name" : "VU#883091", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/883091" "name": "20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues",
}, "refsource": "BUGTRAQ",
{ "url": "http://seclists.org/bugtraq/2002/Apr/0126.html"
"name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", },
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" "name": "VU#883091",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/883091"
"name" : "iis-help-file-css(8802)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8802.php" "name": "4483",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/4483"
"name" : "4483", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4483" "name": "http://www.cgisecurity.com/advisory/9.txt",
}, "refsource": "MISC",
{ "url": "http://www.cgisecurity.com/advisory/9.txt"
"name" : "3338", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3338" "name": "oval:org.mitre.oval:def:46",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A46"
"name" : "oval:org.mitre.oval:def:46", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A46" "name": "3338",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/3338"
} },
} {
"name": "MS02-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
},
{
"name": "CA-2002-09",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-09.html"
},
{
"name": "iis-help-file-css(8802)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8802.php"
},
{
"name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
}
]
}
}

140
2002/0xxx/CVE-2002-0236.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0236", "ID": "CVE-2002-0236",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020205 Published Report of Vulnerability in Lucent VitalSuite Software", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101294507827698&w=2" "lang": "eng",
}, "value": "Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user."
{ }
"name" : "vitalnet-unauth-access(7936)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/7936.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3784", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3784" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "3784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3784"
},
{
"name": "20020205 Published Report of Vulnerability in Lucent VitalSuite Software",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101294507827698&w=2"
},
{
"name": "vitalnet-unauth-access(7936)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7936.php"
}
]
}
}

150
2002/0xxx/CVE-2002-0476.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0476", "ID": "CVE-2002-0476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented \"save\" FSCommand."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020319 More SWF vulnerabilities?", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/262990" "lang": "eng",
}, "value": "Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented \"save\" FSCommand."
{ }
"name" : "http://www.macromedia.com/support/flash/ts/documents/fs_save.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://www.macromedia.com/support/flash/ts/documents/fs_save.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4320", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4320" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "flash-fscommand-save(8584)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/8584.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.macromedia.com/support/flash/ts/documents/fs_save.htm",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/support/flash/ts/documents/fs_save.htm"
},
{
"name": "flash-fscommand-save(8584)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8584.php"
},
{
"name": "20020319 More SWF vulnerabilities?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/262990"
},
{
"name": "4320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4320"
}
]
}
}

150
2002/1xxx/CVE-2002-1027.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1027", "ID": "CVE-2002-1027",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020717 KPMG-2002032: Macromedia Sitespring Cross Site Scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/282742" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in the default HTTP 500 error script (500error.jsp) for Macromedia Sitespring 1.2.0 (277.1) allows remote attackers to execute arbitrary web script via a link to 500error.jsp with the script in 1the et parameter."
{ }
"name" : "20020717 [VulnWatch] KPMG-2002032: Macromedia Sitespring Cross Site Scripting", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0029.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5249", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5249" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "sitespring-500error-xss(9588)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9588.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20020717 KPMG-2002032: Macromedia Sitespring Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/282742"
},
{
"name": "20020717 [VulnWatch] KPMG-2002032: Macromedia Sitespring Cross Site Scripting",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0029.html"
},
{
"name": "sitespring-500error-xss(9588)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9588.php"
},
{
"name": "5249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5249"
}
]
}
}

190
2002/1xxx/CVE-2002-1049.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1049", "ID": "CVE-2002-1049",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020729 HylaFAX - Various Vulnerabilities Fixed", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html" "lang": "eng",
}, "value": "Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element."
{ }
"name" : "DSA-148", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2002/dsa-148" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2002:055", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:055" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SuSE-SA:2002:035", ]
"refsource" : "SUSE", }
"url" : "http://www.novell.com/linux/security/advisories/2002_035_hylafax.html" ]
}, },
{ "references": {
"name" : "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300" "name": "20020729 HylaFAX - Various Vulnerabilities Fixed",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html"
"name" : "5348", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5348" "name": "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300"
"name" : "hylafax-faxgetty-tsi-dos(9728)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9728.php" "name": "5002",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/5002"
"name" : "5002", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5002" "name": "SuSE-SA:2002:035",
} "refsource": "SUSE",
] "url": "http://www.novell.com/linux/security/advisories/2002_035_hylafax.html"
} },
} {
"name": "DSA-148",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-148"
},
{
"name": "MDKSA-2002:055",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:055"
},
{
"name": "hylafax-faxgetty-tsi-dos(9728)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9728.php"
},
{
"name": "5348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5348"
}
]
}
}

160
2002/1xxx/CVE-2002-1506.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1506", "ID": "CVE-2002-1506",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020828 iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0304.html" "lang": "eng",
}, "value": "Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated."
{ }
"name" : "20020828 iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0093.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.solucorp.qc.ca/changes.hc?projet=linuxconf&version=1.28r4", "description": [
"refsource" : "MISC", {
"url" : "http://www.solucorp.qc.ca/changes.hc?projet=linuxconf&version=1.28r4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5585", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/5585" ]
}, },
{ "references": {
"name" : "linuxconf-linuxconflang-env-bo(9980)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9980.php" "name": "http://www.solucorp.qc.ca/changes.hc?projet=linuxconf&version=1.28r4",
} "refsource": "MISC",
] "url": "http://www.solucorp.qc.ca/changes.hc?projet=linuxconf&version=1.28r4"
} },
} {
"name": "5585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5585"
},
{
"name": "20020828 iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0304.html"
},
{
"name": "20020828 iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0093.html"
},
{
"name": "linuxconf-linuxconflang-env-bo(9980)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9980.php"
}
]
}
}

150
2002/1xxx/CVE-2002-1775.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1775", "ID": "CVE-2002-1775",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020307 Various Vulnerabilities in Norton Anti-Virus 2002", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/260271" "lang": "eng",
}, "value": "** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed."
{ }
"name" : "20020308 Re: Edvice Security Services <support@edvicesecurity.com, 000701c1c5fb$c168f970$5a01010a@mic2000", ]
"refsource" : "BUGTRAQ", },
"url" : "http://online.securityfocus.com/archive/1/260678" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4243", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4243" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "nav-nonrfc-bypass-protection(8390)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8390" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20020308 Re: Edvice Security Services <support@edvicesecurity.com, 000701c1c5fb$c168f970$5a01010a@mic2000",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/260678"
},
{
"name": "4243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4243"
},
{
"name": "20020307 Various Vulnerabilities in Norton Anti-Virus 2002",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/260271"
},
{
"name": "nav-nonrfc-bypass-protection(8390)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8390"
}
]
}
}

140
2002/1xxx/CVE-2002-1786.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1786", "ID": "CVE-2002-1786",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, which allows local users to read the core dumps and possibly obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020902-01-I", "description_data": [
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020902-01-I" "lang": "eng",
}, "value": "SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, which allows local users to read the core dumps and possibly obtain sensitive information."
{ }
"name" : "5737", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5737" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "irix-root-coredumps(10138)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10138.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "irix-root-coredumps(10138)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10138.php"
},
{
"name": "5737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5737"
},
{
"name": "20020902-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020902-01-I"
}
]
}
}

140
2002/1xxx/CVE-2002-1832.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1832", "ID": "CVE-2002-1832",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the \"ipopts decode\" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service (crash) via certain IP options."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.scaramanga.co.uk/firestorm/NEWS", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.scaramanga.co.uk/firestorm/NEWS" "lang": "eng",
}, "value": "Unknown vulnerability in the \"ipopts decode\" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service (crash) via certain IP options."
{ }
"name" : "4871", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4871" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "firestorm-nids-ipoptions-dos(9192)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9192.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.scaramanga.co.uk/firestorm/NEWS",
"refsource": "CONFIRM",
"url": "http://www.scaramanga.co.uk/firestorm/NEWS"
},
{
"name": "4871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4871"
},
{
"name": "firestorm-nids-ipoptions-dos(9192)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9192.php"
}
]
}
}

170
2003/0xxx/CVE-2003-0068.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0068", "ID": "CVE-2003-0068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030224 Terminal Emulator Security Issues", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" "lang": "eng",
}, "value": "The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
{ }
"name" : "20030224 Terminal Emulator Security Issues", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-496", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-496" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2003:040", ]
"refsource" : "MANDRAKE", }
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040" ]
}, },
{ "references": {
"name" : "10237", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10237" "name": "10237",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10237"
"name" : "terminal-emulator-window-title(11414)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/11414.php" "name": "20030224 Terminal Emulator Security Issues",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2"
} },
} {
"name": "MDKSA-2003:040",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040"
},
{
"name": "DSA-496",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-496"
},
{
"name": "terminal-emulator-window-title(11414)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11414.php"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
}
]
}
}

160
2003/0xxx/CVE-2003-0218.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0218", "ID": "CVE-2003-0218",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030420 Monkey HTTPd Remote Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105094204204166&w=2" "lang": "eng",
}, "value": "Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body."
{ }
"name" : "20030420 Monkey HTTPd Remote Buffer Overflow", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0029.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://monkeyd.sourceforge.net/Changelog.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://monkeyd.sourceforge.net/Changelog.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20030428 GLSA: monkeyd (200304-07.1)", ]
"refsource" : "BUGTRAQ", }
"url" : "http://marc.info/?l=bugtraq&m=105154473526898&w=2" ]
}, },
{ "references": {
"name" : "7202", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/7202" "name": "20030428 GLSA: monkeyd (200304-07.1)",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=105154473526898&w=2"
} },
} {
"name": "20030420 Monkey HTTPd Remote Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105094204204166&w=2"
},
{
"name": "20030420 Monkey HTTPd Remote Buffer Overflow",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0029.html"
},
{
"name": "7202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7202"
},
{
"name": "http://monkeyd.sourceforge.net/Changelog.txt",
"refsource": "CONFIRM",
"url": "http://monkeyd.sourceforge.net/Changelog.txt"
}
]
}
}

120
2003/0xxx/CVE-2003-0318.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0318", "ID": "CVE-2003-0318",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030517 PHP-Nuke code injection in Yearly Stats at Statistics module", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105319538308834&w=2" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030517 PHP-Nuke code injection in Yearly Stats at Statistics module",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105319538308834&w=2"
}
]
}
}

34
2003/0xxx/CVE-2003-0667.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0667", "ID": "CVE-2003-0667",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2003/1xxx/CVE-2003-1114.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1114", "ID": "CVE-2003-1114",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/" "lang": "eng",
}, "value": "The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
{ }
"name" : "CA-2003-06", ]
"refsource" : "CERT", },
"url" : "http://www.cert.org/advisories/CA-2003-06.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#528719", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/528719" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "6904", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/6904" ]
}, },
{ "references": {
"name" : "sip-invite(11379)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379" "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
} "refsource": "MISC",
] "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
} },
} {
"name": "VU#528719",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"name": "CA-2003-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-06.html"
},
{
"name": "6904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6904"
},
{
"name": "sip-invite(11379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379"
}
]
}
}

120
2003/1xxx/CVE-2003-1581.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1581", "ID": "CVE-2003-1581",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/313867" "lang": "eng",
} "value": "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/313867"
}
]
}
}

160
2012/0xxx/CVE-2012-0466.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0466", "ID": "CVE-2012-0466",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120418 Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html" "lang": "eng",
}, "value": "template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=745397", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=745397" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2012-6282", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2012-6368", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html" ]
}, },
{ "references": {
"name" : "FEDORA-2012-6396", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html" "name": "FEDORA-2012-6282",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html"
} },
} {
"name": "20120418 Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=745397",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=745397"
},
{
"name": "FEDORA-2012-6396",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html"
},
{
"name": "FEDORA-2012-6368",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html"
}
]
}
}

34
2012/0xxx/CVE-2012-0940.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0940", "ID": "CVE-2012-0940",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/0xxx/CVE-2012-0951.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0951", "ID": "CVE-2012-0951",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/1xxx/CVE-2012-1230.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1230", "ID": "CVE-2012-1230",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2012/1xxx/CVE-2012-1651.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1651", "ID": "CVE-2012-1651",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://drupal.org/node/1461470", ]
"refsource" : "MISC", },
"url" : "http://drupal.org/node/1461470" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1132838", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/1132838" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52226", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52226" ]
}, },
{ "references": {
"name" : "79696", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/79696" "name": "http://drupal.org/node/1461470",
}, "refsource": "MISC",
{ "url": "http://drupal.org/node/1461470"
"name" : "48202", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48202" "name": "79696",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/79696"
} },
} {
"name": "52226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52226"
},
{
"name": "48202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48202"
},
{
"name": "http://drupal.org/node/1132838",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1132838"
},
{
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
}
]
}
}

210
2012/1xxx/CVE-2012-1721.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-1721", "ID": "CVE-2012-1721",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722."
{ }
"name" : "HPSBUX02805", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT100919", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:1455", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" ]
}, },
{ "references": {
"name" : "RHSA-2013:1456", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "SUSE-SU-2012:1265",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html"
"name" : "RHSA-2012:0734", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0734.html" "name": "SUSE-SU-2012:1231",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
"name" : "SUSE-SU-2012:1231", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" "name": "RHSA-2012:0734",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0734.html"
"name" : "SUSE-SU-2012:1265", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html" "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
"name" : "53959", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53959" "name": "53959",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/53959"
"name" : "oval:org.mitre.oval:def:16358", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16358" "name": "SSRT100919",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
} },
} {
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "oval:org.mitre.oval:def:16358",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16358"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "HPSBUX02805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
}
]
}
}

150
2012/3xxx/CVE-2012-3732.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3732", "ID": "CVE-2012-3732",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5503", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity."
{ }
"name" : "APPLE-SA-2012-09-19-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "85625", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/85625" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "apple-ios-mail-cve20123732(78719)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78719" ]
} },
] "references": {
} "reference_data": [
} {
"name": "apple-ios-mail-cve20123732(78719)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78719"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "85625",
"refsource": "OSVDB",
"url": "http://osvdb.org/85625"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
}
]
}
}

150
2012/4xxx/CVE-2012-4172.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-4172", "ID": "CVE-2012-4172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-23.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-23.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, and CVE-2012-5273."
{ }
"name" : "VU#872545", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/872545" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "86537", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/86537" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "adobe-cve20124172-bo(79544)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79544" ]
} },
] "references": {
} "reference_data": [
} {
"name": "VU#872545",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/872545"
},
{
"name": "86537",
"refsource": "OSVDB",
"url": "http://osvdb.org/86537"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-23.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-23.html"
},
{
"name": "adobe-cve20124172-bo(79544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79544"
}
]
}
}

150
2012/4xxx/CVE-2012-4176.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-4176", "ID": "CVE-2012-4176",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-23.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-23.html" "lang": "eng",
}, "value": "Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors."
{ }
"name" : "VU#872545", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/872545" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "86542", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/86542" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "adobe-cve20124176-code-exec(79548)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79548" ]
} },
] "references": {
} "reference_data": [
} {
"name": "VU#872545",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/872545"
},
{
"name": "86542",
"refsource": "OSVDB",
"url": "http://osvdb.org/86542"
},
{
"name": "adobe-cve20124176-code-exec(79548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79548"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-23.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-23.html"
}
]
}
}

220
2012/4xxx/CVE-2012-4262.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4262", "ID": "CVE-2012-4262",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18844", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18844" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php."
{ }
"name" : "http://packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQL-Injection.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.vulnerability-lab.com/get_content.php?id=524", "description": [
"refsource" : "MISC", {
"url" : "http://www.vulnerability-lab.com/get_content.php?id=524" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53392", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/53392" ]
}, },
{ "references": {
"name" : "81687", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/81687" "name": "81689",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/81689"
"name" : "81688", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/81688" "name": "81687",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/81687"
"name" : "81689", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/81689" "name": "81690",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/81690"
"name" : "81690", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/81690" "name": "mycar2xcms-mycarepid-xss(75391)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75391"
"name" : "49029", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49029" "name": "http://www.vulnerability-lab.com/get_content.php?id=524",
}, "refsource": "MISC",
{ "url": "http://www.vulnerability-lab.com/get_content.php?id=524"
"name" : "mycar2xcms-mycarepid-xss(75391)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75391" "name": "18844",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/18844"
"name" : "mycare2x-multiple-xss(75392)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75392" "name": "53392",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/53392"
} },
} {
"name": "mycare2x-multiple-xss(75392)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75392"
},
{
"name": "http://packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name": "49029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49029"
},
{
"name": "81688",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81688"
}
]
}
}

140
2012/4xxx/CVE-2012-4400.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4400", "ID": "CVE-2012-4400",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120917 Moodle security notifications public", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2012/09/17/1" "lang": "eng",
}, "value": "repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field."
{ }
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792", ]
"refsource" : "CONFIRM", },
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://moodle.org/mod/forum/discuss.php?d=211555", "description": [
"refsource" : "CONFIRM", {
"url" : "http://moodle.org/mod/forum/discuss.php?d=211555" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792"
},
{
"name": "[oss-security] 20120917 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/09/17/1"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=211555",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=211555"
}
]
}
}

140
2012/4xxx/CVE-2012-4954.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-4954", "ID": "CVE-2012-4954",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a \"parameter manipulation\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#611988", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/611988" "lang": "eng",
}, "value": "The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a \"parameter manipulation\" issue."
{ }
"name" : "56483", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/56483" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "vanilla-forums-parameter-sec-bypass(80000)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "56483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56483"
},
{
"name": "vanilla-forums-parameter-sec-bypass(80000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80000"
},
{
"name": "VU#611988",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611988"
}
]
}
}

150
2012/4xxx/CVE-2012-4985.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4985", "ID": "CVE-2012-4985",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html" "lang": "eng",
}, "value": "The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets."
{ }
"name" : "56689", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/56689" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "87895", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/87895" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "forescout-security-bypass(80284)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80284" ]
} },
] "references": {
} "reference_data": [
} {
"name": "forescout-security-bypass(80284)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80284"
},
{
"name": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/forescout-nac-icmp-arp.html"
},
{
"name": "56689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56689"
},
{
"name": "87895",
"refsource": "OSVDB",
"url": "http://osvdb.org/87895"
}
]
}
}

160
2012/5xxx/CVE-2012-5060.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-5060", "ID": "CVE-2012-5060",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension."
{ }
"name" : "GLSA-201308-06", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2013:150", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-1703-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-1703-1" ]
}, },
{ "references": {
"name" : "53372", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53372" "name": "USN-1703-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-1703-1"
} },
} {
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

34
2017/2xxx/CVE-2017-2262.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-2262", "ID": "CVE-2017-2262",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/2xxx/CVE-2017-2503.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2503", "ID": "CVE-2017-2503",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207797", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207797" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
{ }
"name" : "1038484", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1038484" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
}
]
}
}

140
2017/3xxx/CVE-2017-3026.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-3026", "ID": "CVE-2017-3026",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" "lang": "eng",
}, "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "97550", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97550" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038228", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038228" "lang": "eng",
} "value": "Use After Free"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038228",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"name": "97550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97550"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
}
]
}
}

140
2017/3xxx/CVE-2017-3103.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-3103", "ID": "CVE-2017-3103",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Connect 9.6.1 and earlier.", "product_name": "Adobe Connect 9.6.1 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Connect 9.6.1 and earlier." "version_value": "Adobe Connect 9.6.1 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/connect/apsb17-22.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://helpx.adobe.com/security/products/connect/apsb17-22.html" "lang": "eng",
}, "value": "Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack."
{ }
"name" : "99518", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99518" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038846", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038846" "lang": "eng",
} "value": "Cross-site scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/connect/apsb17-22.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/connect/apsb17-22.html"
},
{
"name": "99518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99518"
},
{
"name": "1038846",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038846"
}
]
}
}

228
2017/3xxx/CVE-2017-3308.json
View File

@ -1,116 +1,116 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3308", "ID": "CVE-2017-3308",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.5.54 and earlier" "version_value": "5.5.54 and earlier"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.6.35 and earlier" "version_value": "5.6.35 and earlier"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.17 and earlier" "version_value": "5.7.17 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
{ }
"name" : "DSA-3834", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3834" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3944", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3944" "lang": "eng",
}, "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
{ }
"name" : "RHSA-2017:2886", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2017:2886" ]
}, },
{ "references": {
"name" : "RHSA-2017:2787", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2787" "name": "RHSA-2017:2787",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2787"
"name" : "RHSA-2017:2192", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2192" "name": "1038287",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038287"
"name" : "RHSA-2018:0279", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0279" "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
"name" : "RHSA-2018:0574", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0574" "name": "RHSA-2018:0574",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0574"
"name" : "97725", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97725" "name": "DSA-3944",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3944"
"name" : "1038287", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038287" "name": "RHSA-2018:0279",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:0279"
} },
} {
"name": "97725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97725"
},
{
"name": "DSA-3834",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3834"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "RHSA-2017:2192",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2192"
}
]
}
}

34
2017/3xxx/CVE-2017-3982.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-3982", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-3982",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

130
2017/6xxx/CVE-2017-6043.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-6043", "ID": "CVE-2017-6043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trihedral VTScada", "product_name": "Trihedral VTScada",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Trihedral VTScada" "version_value": "Trihedral VTScada"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01" "lang": "eng",
}, "value": "A Resource Consumption issue was discovered in Trihedral VTScada Versions prior to 11.2.26. The client does not properly validate the input or limit the amount of resources that are utilized by an attacker, which can be used to consume more resources than are available."
{ }
"name" : "99066", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99066" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01"
},
{
"name": "99066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99066"
}
]
}
}

34
2017/6xxx/CVE-2017-6101.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6101", "ID": "CVE-2017-6101",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/6xxx/CVE-2017-6237.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6237", "ID": "CVE-2017-6237",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/6xxx/CVE-2017-6354.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6354", "ID": "CVE-2017-6354",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/6xxx/CVE-2017-6392.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6392", "ID": "CVE-2017-6392",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337" "lang": "eng",
}, "value": "An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
{ }
"name" : "https://github.com/kaltura/server/issues/5303", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/kaltura/server/issues/5303" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96534", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96534" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96534"
},
{
"name": "https://github.com/kaltura/server/issues/5303",
"refsource": "CONFIRM",
"url": "https://github.com/kaltura/server/issues/5303"
},
{
"name": "https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337",
"refsource": "CONFIRM",
"url": "https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337"
}
]
}
}

140
2017/6xxx/CVE-2017-6410.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6410", "ID": "CVE-2017-6410",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.kde.org/info/security/advisory-20170228-1.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.kde.org/info/security/advisory-20170228-1.txt" "lang": "eng",
}, "value": "kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file."
{ }
"name" : "DSA-3849", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3849" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96515", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96515" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "DSA-3849",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3849"
},
{
"name": "96515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96515"
},
{
"name": "https://www.kde.org/info/security/advisory-20170228-1.txt",
"refsource": "CONFIRM",
"url": "https://www.kde.org/info/security/advisory-20170228-1.txt"
}
]
}
}

140
2017/7xxx/CVE-2017-7036.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7036", "ID": "CVE-2017-7036",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207922", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207922" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
{ }
"name" : "99882", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99882" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038951", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038951" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038951"
},
{
"name": "99882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99882"
},
{
"name": "https://support.apple.com/HT207922",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207922"
}
]
}
}

34
2017/7xxx/CVE-2017-7334.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7334", "ID": "CVE-2017-7334",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2017/7xxx/CVE-2017-7596.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7596", "ID": "CVE-2017-7596",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes" "lang": "eng",
}, "value": "LibTIFF 4.0.7 has an \"outside the range of representable values of type float\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
{ }
"name" : "DSA-3844", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3844" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201709-27", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201709-27" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3602-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3602-1/" ]
}, },
{ "references": {
"name" : "97506", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97506" "name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
} "refsource": "MISC",
] "url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
} },
} {
"name": "DSA-3844",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3844"
},
{
"name": "GLSA-201709-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-27"
},
{
"name": "USN-3602-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3602-1/"
},
{
"name": "97506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97506"
}
]
}
}

34
2017/7xxx/CVE-2017-7707.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7707", "ID": "CVE-2017-7707",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/7xxx/CVE-2017-7968.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"ID" : "CVE-2017-7968", "ID": "CVE-2017-7968",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Schneider Electric Wonderware InduSoft Web Studio", "product_name": "Schneider Electric Wonderware InduSoft Web Studio",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Schneider Electric Wonderware InduSoft Web Studio" "version_value": "Schneider Electric Wonderware InduSoft Web Studio"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-276"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-02", "description_data": [
"refsource" : "MISC", {
"url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-02" "lang": "eng",
}, "value": "An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges."
{ }
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-138-02", ]
"refsource" : "MISC", },
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-138-02" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98544", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98544" "lang": "eng",
} "value": "CWE-276"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-138-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-138-02"
},
{
"name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-02",
"refsource": "MISC",
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2017-090-02"
},
{
"name": "98544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98544"
}
]
}
}

120
2018/10xxx/CVE-2018-10250.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10250", "ID": "CVE-2018-10250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/idreamsoft/iCMS/issues/22", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/idreamsoft/iCMS/issues/22" "lang": "eng",
} "value": "iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/idreamsoft/iCMS/issues/22",
"refsource": "MISC",
"url": "https://github.com/idreamsoft/iCMS/issues/22"
}
]
}
}

140
2018/10xxx/CVE-2018-10665.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10665", "ID": "CVE-2018-10665",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ILIAS-eLearning/ILIAS/commit/3fe6aa778ca06080cf1b7303cbc458aa0c42392a", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ILIAS-eLearning/ILIAS/commit/3fe6aa778ca06080cf1b7303cbc458aa0c42392a" "lang": "eng",
}, "value": "ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files."
{ }
"name" : "https://github.com/ILIAS-eLearning/ILIAS/commit/c9c9211bd689f2dda02006159e69a856eae8944d", ]
"refsource" : "MISC", },
"url" : "https://github.com/ILIAS-eLearning/ILIAS/commit/c9c9211bd689f2dda02006159e69a856eae8944d" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.openbugbounty.org/reports/608858/", "description": [
"refsource" : "MISC", {
"url" : "https://www.openbugbounty.org/reports/608858/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.openbugbounty.org/reports/608858/",
"refsource": "MISC",
"url": "https://www.openbugbounty.org/reports/608858/"
},
{
"name": "https://github.com/ILIAS-eLearning/ILIAS/commit/c9c9211bd689f2dda02006159e69a856eae8944d",
"refsource": "MISC",
"url": "https://github.com/ILIAS-eLearning/ILIAS/commit/c9c9211bd689f2dda02006159e69a856eae8944d"
},
{
"name": "https://github.com/ILIAS-eLearning/ILIAS/commit/3fe6aa778ca06080cf1b7303cbc458aa0c42392a",
"refsource": "MISC",
"url": "https://github.com/ILIAS-eLearning/ILIAS/commit/3fe6aa778ca06080cf1b7303cbc458aa0c42392a"
}
]
}
}

34
2018/10xxx/CVE-2018-10826.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10826", "ID": "CVE-2018-10826",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

260
2018/10xxx/CVE-2018-10880.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-10880", "ID": "CVE-2018-10880",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "kernel", "product_name": "kernel",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" "lang": "eng",
}, "value": "Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service."
{ }
"name" : "http://patchwork.ozlabs.org/patch/930639/", ]
"refsource" : "CONFIRM", },
"url" : "http://patchwork.ozlabs.org/patch/930639/" "impact": {
}, "cvss": [
{ [
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200005", {
"refsource" : "CONFIRM", "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200005" "version": "3.0"
}, }
{ ]
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226" "lang": "eng",
}, "value": "CWE-787"
{ }
"name" : "RHSA-2018:2948", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:2948" ]
}, },
{ "references": {
"name" : "USN-3821-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3821-1/" "name": "USN-3821-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3821-1/"
"name" : "USN-3821-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3821-2/" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10880"
"name" : "USN-3871-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3871-1/" "name": "USN-3871-5",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3871-5/"
"name" : "USN-3871-3", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3871-3/" "name": "USN-3871-4",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3871-4/"
"name" : "USN-3871-4", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3871-4/" "name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
"name" : "USN-3871-5", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3871-5/" "name": "RHSA-2018:2948",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2948"
"name" : "106503", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106503" "name": "USN-3821-2",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3821-2/"
} },
} {
"name": "http://patchwork.ozlabs.org/patch/930639/",
"refsource": "CONFIRM",
"url": "http://patchwork.ozlabs.org/patch/930639/"
},
{
"name": "USN-3871-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-1/"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8cdb5240ec5928b20490a2bb34cb87e9a5f40226"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200005",
"refsource": "CONFIRM",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200005"
},
{
"name": "106503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106503"
},
{
"name": "USN-3871-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-3/"
}
]
}
}

34
2018/14xxx/CVE-2018-14134.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14134", "ID": "CVE-2018-14134",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

182
2018/17xxx/CVE-2018-17481.json
View File

@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-17481", "ID": "CVE-2018-17481",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "71.0.3578.98" "version_value": "71.0.3578.98"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/901654", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/901654" "lang": "eng",
}, "value": "Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."
{ }
"name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html" "lang": "eng",
}, "value": "Use after free"
{ }
"name" : "DSA-4352", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4352" ]
}, },
{ "references": {
"name" : "DSA-4395", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2019/dsa-4395" "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html",
}, "refsource": "CONFIRM",
{ "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop_12.html"
"name" : "RHSA-2018:3803", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3803" "name": "DSA-4395",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2019/dsa-4395"
"name" : "106084", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106084" "name": "https://crbug.com/901654",
} "refsource": "MISC",
] "url": "https://crbug.com/901654"
} },
} {
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106084"
}
]
}
}

34
2018/17xxx/CVE-2018-17711.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17711", "ID": "CVE-2018-17711",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20287.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20287", "ID": "CVE-2018-20287",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/20xxx/CVE-2018-20682.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20682", "ID": "CVE-2018-20682",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka \"Admin ids\" input in the Facebook section)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.netsparker.com/web-applications-advisories/ns-18-032-stored-cross-site-scripting-in-forkcms/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.netsparker.com/web-applications-advisories/ns-18-032-stored-cross-site-scripting-in-forkcms/" "lang": "eng",
} "value": "Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka \"Admin ids\" input in the Facebook section)."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netsparker.com/web-applications-advisories/ns-18-032-stored-cross-site-scripting-in-forkcms/",
"refsource": "MISC",
"url": "https://www.netsparker.com/web-applications-advisories/ns-18-032-stored-cross-site-scripting-in-forkcms/"
}
]
}
}

120
2018/20xxx/CVE-2018-20758.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20758", "ID": "CVE-2018-20758",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/modxcms/revolution/issues/14103", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/modxcms/revolution/issues/14103" "lang": "eng",
} "value": "MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/modxcms/revolution/issues/14103",
"refsource": "MISC",
"url": "https://github.com/modxcms/revolution/issues/14103"
}
]
}
}

130
2018/20xxx/CVE-2018-20782.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20782", "ID": "CVE-2018-20782",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "46414", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/46414/" "lang": "eng",
}, "value": "The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages."
{ }
"name" : "https://github.com/GloBee-Official/woocommerce-payment-api-plugin/pull/2", ]
"refsource" : "MISC", },
"url" : "https://github.com/GloBee-Official/woocommerce-payment-api-plugin/pull/2" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/GloBee-Official/woocommerce-payment-api-plugin/pull/2",
"refsource": "MISC",
"url": "https://github.com/GloBee-Official/woocommerce-payment-api-plugin/pull/2"
},
{
"name": "46414",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46414/"
}
]
}
}

130
2018/9xxx/CVE-2018-9555.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2018-9555", "ID": "CVE-2018-9555",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-12-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-12-01" "lang": "eng",
}, "value": "In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180."
{ }
"name" : "106147", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106147" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106147"
},
{
"name": "https://source.android.com/security/bulletin/2018-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-12-01"
}
]
}
}

34
2018/9xxx/CVE-2018-9817.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9817", "ID": "CVE-2018-9817",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }