"-Synchronized-Data."

CVE Team 2019-03-17 22:54:57 +00:00
parent 327a920dd3
commit 212e1a3652
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3784 additions and 3784 deletions


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0275", "ID": "CVE-2002-0275",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020213 Falcon Web Server Authentication Circumvention Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101363946626951&w=2" "lang": "eng",
}, "value": "Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL."
{ }
"name" : "20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=102253858809370&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4099", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4099" ]
}, },
{ "references": {
"name" : "falcon-protected-dir-access(8189)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8189" "name": "20020213 Falcon Web Server Authentication Circumvention Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=101363946626951&w=2"
} },
} {
"name": "20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102253858809370&w=2"
},
{
"name": "4099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4099"
},
{
"name": "20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html"
},
{
"name": "falcon-protected-dir-access(8189)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8189"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0606", "ID": "CVE-2002-0606",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020429 3CDaemon DoS exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0428.html" "lang": "eng",
}, "value": "Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login."
{ }
"name" : "4638", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4638" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3cdaemon-ftp-bo(8970)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8970.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20020429 3CDaemon DoS exploit",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0428.html"
},
{
"name": "4638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4638"
},
{
"name": "3cdaemon-ftp-bo(8970)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8970.php"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0871", "ID": "CVE-2002-0871",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-151", "description_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2002/dsa-151" "lang": "eng",
}, "value": "xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe."
{ }
"name" : "MDKSA-2002:053", ]
"refsource" : "MANDRAKE", },
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2002:196", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-196.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2003:228", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2003-228.html" ]
}, },
{ "references": {
"name" : "20020814 GLSA: xinetd", "reference_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=102935383506155&w=2" "name": "DSA-151",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2002/dsa-151"
"name" : "xinetd-signal-leak-dos(9844)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9844.php" "name": "20020814 GLSA: xinetd",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=102935383506155&w=2"
"name" : "5458", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5458" "name": "RHSA-2002:196",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2002-196.html"
} },
} {
"name": "RHSA-2003:228",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-228.html"
},
{
"name": "MDKSA-2002:053",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php"
},
{
"name": "5458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5458"
},
{
"name": "xinetd-signal-leak-dos(9844)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9844.php"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1109", "ID": "CVE-2002-1109",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://marc.info/?l=amavis-announce&m=103121272122242&w=2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://marc.info/?l=amavis-announce&m=103121272122242&w=2" "lang": "eng",
}, "value": "securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter."
{ }
"name" : "20020905 GLSA: amavis", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=103124270321404&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "amavis-securetar-tar-dos(10056)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10056.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://marc.info/?l=amavis-announce&m=103121272122242&w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=amavis-announce&m=103121272122242&w=2"
},
{
"name": "amavis-securetar-tar-dos(10056)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10056.php"
},
{
"name": "20020905 GLSA: amavis",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103124270321404&w=2"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1577", "ID": "CVE-2002-1577",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020825 SAP R/3 default password vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103038238228119&w=2" "lang": "eng",
}, "value": "SAP R/3 2.0B to 4.6D installs several clients with default users and passwords, which allows remote attackers to gain privileges via the (1) SAP*, (2) SAPCPIC, (3) DDIC, (4) EARLYWATCH, or (5) TMSADM accounts."
{ }
"name" : "sap-r3-default-account(9964)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9964" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sap-r3-default-account(9964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9964"
},
{
"name": "20020825 SAP R/3 default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103038238228119&w=2"
}
]
}
}


@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0161", "ID": "CVE-2003-0161",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030329 Sendmail: -1 gone wild", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104897487512238&w=2" "lang": "eng",
}, "value": "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337."
{ }
"name" : "20030520 [Fwd: 127 Research and Development: 127 Day!]", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/321997" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20030331 GLSA: sendmail (200303-27)", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/316961/30/25250/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20030401 Immunix Secured OS 7+ openssl update", ]
"refsource" : "BUGTRAQ", }
"url" : "http://www.securityfocus.com/archive/1/317135/30/25220/threaded" ]
}, },
{ "references": {
"name" : "20030329 Sendmail: -1 gone wild", "reference_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html" "name": "1001088",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1"
"name" : "20030329 sendmail 8.12.9 available", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104896621106790&w=2" "name": "52620",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1"
"name" : "GLSA-200303-27", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml" "name": "20030401-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P"
"name" : "IMNX-2003-7+-002-01", },
"refsource" : "IMMUNIX", {
"url" : "http://www.securityfocus.com/archive/1/317135/30/25220/threaded" "name": "7230",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/7230"
"name" : "52620", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1" "name": "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=104914999806315&w=2"
"name" : "52700", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1" "name": "RHSA-2003:120",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-120.html"
"name" : "1001088", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1" "name": "20030401 Immunix Secured OS 7+ openssl update",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
"name" : "CA-2003-12", },
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2003-12.html" "name": "DSA-278",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2003/dsa-278"
"name" : "VU#897604", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/897604" "name": "DSA-290",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2003/dsa-290"
"name" : "FreeBSD-SA-03:07", },
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc" "name": "IMNX-2003-7+-002-01",
}, "refsource": "IMMUNIX",
{ "url": "http://www.securityfocus.com/archive/1/317135/30/25220/threaded"
"name" : "RHSA-2003:120", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-120.html" "name": "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
}, "refsource": "CONFIRM",
{ "url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html"
"name" : "RHSA-2003:121", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-121.html" "name": "52700",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1"
"name" : "SCOSA-2004.11", },
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt" "name": "CA-2003-12",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2003-12.html"
"name" : "20030401-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P" "name": "CSSA-2003-016.0",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt"
"name" : "CSSA-2003-016.0", },
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt" "name": "20030331 GLSA: sendmail (200303-27)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/316961/30/25250/threaded"
"name" : "DSA-278", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-278" "name": "RHSA-2003:121",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-121.html"
"name" : "DSA-290", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-290" "name": "CLA-2003:614",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614"
"name" : "CLA-2003:614", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614" "name": "SCOSA-2004.11",
}, "refsource": "SCO",
{ "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt"
"name" : "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104914999806315&w=2" "name": "GLSA-200303-27",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml"
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", },
"refsource" : "CONFIRM", {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html" "name": "20030329 Sendmail: -1 gone wild",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html"
"name" : "7230", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/7230" "name": "20030329 Sendmail: -1 gone wild",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=104897487512238&w=2"
} },
} {
"name": "FreeBSD-SA-03:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc"
},
{
"name": "20030520 [Fwd: 127 Research and Development: 127 Day!]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/321997"
},
{
"name": "20030329 sendmail 8.12.9 available",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104896621106790&w=2"
},
{
"name": "VU#897604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/897604"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0300", "ID": "CVE-2003-0300",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030514 Buffer overflows in multiple IMAP clients", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2" "lang": "eng",
} "value": "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105294024124163&w=2"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0460", "ID": "CVE-2003-0460",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.apache.org/dist/httpd/Announcement.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.apache.org/dist/httpd/Announcement.html" "lang": "eng",
}, "value": "The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service."
{ }
"name" : "VU#694428", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/694428" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.apache.org/dist/httpd/Announcement.html",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/httpd/Announcement.html"
},
{
"name": "VU#694428",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/694428"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0468", "ID": "CVE-2003-0468",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct \"bounce scans\" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a \"!\" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=106001525130257&w=2" "lang": "eng",
}, "value": "Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct \"bounce scans\" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a \"!\" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port."
{ }
"name" : "RHSA-2003:251", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2003-251.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-363", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-363" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2003:081", ]
"refsource" : "MANDRAKE", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:081" ]
}, },
{ "references": {
"name" : "SuSE-SA:2003:033", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2003_033_postfix.html" "name": "CLA-2003:717",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717"
"name" : "CLA-2003:717", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717" "name": "8333",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/8333"
"name" : "8333", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/8333" "name": "MDKSA-2003:081",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:081"
"name" : "oval:org.mitre.oval:def:522", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522" "name": "RHSA-2003:251",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-251.html"
"name" : "9433", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/9433" "name": "DSA-363",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2003/dsa-363"
} },
} {
"name": "20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106001525130257&w=2"
},
{
"name": "SuSE-SA:2003:033",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_033_postfix.html"
},
{
"name": "9433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9433"
},
{
"name": "oval:org.mitre.oval:def:522",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522"
}
]
}
}


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0442", "ID": "CVE-2012-0442",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=693399", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=693399" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=705347", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=705347" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2400", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2400" ]
}, },
{ "references": {
"name" : "DSA-2402", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2402" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=705347",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=705347"
"name" : "DSA-2406", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2406" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=693399",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=693399"
"name" : "MDVSA-2012:013", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013" "name": "DSA-2402",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2402"
"name" : "SUSE-SU-2012:0198", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html" "name": "DSA-2400",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2400"
"name" : "SUSE-SU-2012:0221", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html" "name": "SUSE-SU-2012:0198",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html"
"name" : "openSUSE-SU-2012:0234", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-01.html"
"name" : "oval:org.mitre.oval:def:14678", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14678" "name": "MDVSA-2012:013",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013"
} },
} {
"name": "DSA-2406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2406"
},
{
"name": "SUSE-SU-2012:0221",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html"
},
{
"name": "oval:org.mitre.oval:def:14678",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14678"
},
{
"name": "openSUSE-SU-2012:0234",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-0742", "ID": "CVE-2012-0742",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "OA38586", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1OA38586" "lang": "eng",
}, "value": "IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data."
{ }
"name" : "tep-aopsclog-info-disclosure(74641)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74641" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tep-aopsclog-info-disclosure(74641)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74641"
},
{
"name": "OA38586",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1OA38586"
}
]
}
}
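Review bot: The one semantic change in this section appears to be `"ASSIGNER"` moving from `cve@mitre.org` to `psirt@us.ibm.com`, and it is buried in a whole-file rewrite: every line differs by key spacing, and the two `reference_data` entries are re-emitted in a different order (XF now ahead of AIXAPAR) with nothing added or removed. Anyone diffing records to track provenance changes cannot separate an attribution edit from formatting noise. The generator should emit `reference_data` in a stable order, and the whitespace normalisation should land separately from content changes. The same pattern shows in the sections for CVE-2012-0753, CVE-2012-0775, CVE-2012-0808, CVE-2012-1116, CVE-2012-1571 and CVE-2012-1769; the sections for CVE-2012-0442 and CVE-2012-1066 look like reorder and whitespace only.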


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-0753", "ID": "CVE-2012-0753",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-03.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-03.html" "lang": "eng",
}, "value": "Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data."
{ }
"name" : "GLSA-201204-07", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2012:0144", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0144.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2012:0265", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:14795", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14795" "name": "openSUSE-SU-2012:0265",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html"
"name" : "oval:org.mitre.oval:def:15601", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15601" "name": "oval:org.mitre.oval:def:14795",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14795"
"name" : "48819", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48819" "name": "GLSA-201204-07",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201204-07.xml"
"name" : "48265", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48265" "name": "48265",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48265"
} },
} {
"name": "oval:org.mitre.oval:def:15601",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15601"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-03.html"
},
{
"name": "RHSA-2012:0144",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0144.html"
},
{
"name": "48819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48819"
}
]
}
}


@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-0775", "ID": "CVE-2012-0775",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html" "lang": "eng",
}, "value": "The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."
{ }
"name" : "RHSA-2012:0469", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0469.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2012:0522", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2012:0524", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2012:0512", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" "name": "RHSA-2012:0469",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0469.html"
"name" : "TA12-101B", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" "name": "48756",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48756"
"name" : "52949", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52949" "name": "http://www.adobe.com/support/security/bulletins/apsb12-08.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html"
"name" : "oval:org.mitre.oval:def:15477", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15477" "name": "SUSE-SU-2012:0524",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html"
"name" : "1026908", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026908" "name": "52949",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52949"
"name" : "48756", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48756" "name": "48846",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48846"
"name" : "48846", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48846" "name": "TA12-101B",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html"
"name" : "adobe-reader-javascript-code-exec(74733)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74733" "name": "SUSE-SU-2012:0522",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html"
} },
} {
"name": "openSUSE-SU-2012:0512",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html"
},
{
"name": "1026908",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026908"
},
{
"name": "oval:org.mitre.oval:def:15477",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15477"
},
{
"name": "adobe-reader-javascript-code-exec(74733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74733"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0808", "ID": "CVE-2012-0808",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120124 CVE requests: Suhosin extension / as31", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/01/24/7" "lang": "eng",
}, "value": "as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack."
{ }
"name" : "[oss-security] 20120124 Re: CVE requests: Suhosin extension / as31", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/01/24/11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/07/05/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2012/07/06/3" ]
}, },
{ "references": {
"name" : "[oss-security] 20120831 Re: Three CVE requests: at-spi2-atk, as31, naxsi", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/08/31/9" "name": "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/07/05/1"
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496", },
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496" "name": "[oss-security] 20120124 Re: CVE requests: Suhosin extension / as31",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2012/01/24/11"
} },
} {
"name": "[oss-security] 20120124 CVE requests: Suhosin extension / as31",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/24/7"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496"
},
{
"name": "[oss-security] 20120831 Re: Three CVE requests: at-spi2-atk, as31, naxsi",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/9"
},
{
"name": "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/3"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1066", "ID": "CVE-2012-1066",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dl.packetstormsecurity.net/1202-exploits/smartycms-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://dl.packetstormsecurity.net/1202-exploits/smartycms-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar."
{ }
"name" : "51805", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51805" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "smartycms-template-xss(72918)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72918" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "51805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51805"
},
{
"name": "http://dl.packetstormsecurity.net/1202-exploits/smartycms-xss.txt",
"refsource": "MISC",
"url": "http://dl.packetstormsecurity.net/1202-exploits/smartycms-xss.txt"
},
{
"name": "smartycms-template-xss(72918)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72918"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1116", "ID": "CVE-2012-1116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120306 CVE-request: Joomla! Security News 2012-03", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/03/06/5" "lang": "eng",
}, "value": "SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "[oss-security] 20120306 Re: CVE-request: Joomla! Security News 2012-03", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/03/06/12" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52312", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52312" ]
}, },
{ "references": {
"name" : "79837", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/79837" "name": "http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html",
}, "refsource": "CONFIRM",
{ "url": "http://developer.joomla.org/security/news/391-20120301-core-sql-injection.html"
"name" : "48005", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48005" "name": "joomla-unspecified-param-sql-injection(73699)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73699"
"name" : "joomla-unspecified-param-sql-injection(73699)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73699" "name": "48005",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48005"
} },
} {
"name": "[oss-security] 20120306 CVE-request: Joomla! Security News 2012-03",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/06/5"
},
{
"name": "[oss-security] 20120306 Re: CVE-request: Joomla! Security News 2012-03",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/06/12"
},
{
"name": "79837",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79837"
},
{
"name": "52312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52312"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1571", "ID": "CVE-2012-1571",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[file] 20120221 file-5.11 is now available", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mx.gw.com/pipermail/file/2012/000914.html" "lang": "eng",
}, "value": "file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference."
{ }
"name" : "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2422", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2422" ]
}, },
{ "references": {
"name" : "MDVSA-2012:035", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035" "name": "DSA-2422",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2422"
"name" : "USN-2123-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2123-1" "name": "MDVSA-2012:035",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:035"
} },
} {
"name": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b",
"refsource": "CONFIRM",
"url": "https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b"
},
{
"name": "[file] 20120221 file-5.11 is now available",
"refsource": "MLIST",
"url": "http://mx.gw.com/pipermail/file/2012/000914.html"
},
{
"name": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295",
"refsource": "CONFIRM",
"url": "https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295"
},
{
"name": "USN-2123-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2123-1"
}
]
}
}


@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-1769", "ID": "CVE-2012-1769",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110."
{ }
"name" : "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx", ]
"refsource" : "CONFIRM", },
"url" : "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://technet.microsoft.com/security/advisory/2737111", "description": [
"refsource" : "CONFIRM", {
"url" : "http://technet.microsoft.com/security/advisory/2737111" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", ]
"refsource" : "CONFIRM", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" ]
}, },
{ "references": {
"name" : "MDVSA-2013:150", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "name": "54500",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/54500"
"name" : "MS12-067", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067" "name": "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx",
}, "refsource": "CONFIRM",
{ "url": "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx"
"name" : "MS12-058", },
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058" "name": "1027264",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027264"
"name" : "VU#118913", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/118913" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
"name" : "54500", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54500" "name": "VU#118913",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/118913"
"name" : "oval:org.mitre.oval:def:15721", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15721" "name": "MS12-058",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058"
"name" : "1027264", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027264" "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
"name" : "outsideintechnology-ofilter-dos(77002)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77002" "name": "MS12-067",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067"
} },
} {
"name": "oval:org.mitre.oval:def:15721",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15721"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "http://technet.microsoft.com/security/advisory/2737111",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2737111"
},
{
"name": "outsideintechnology-ofilter-dos(77002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77002"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-3189", "ID": "CVE-2012-3189",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
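Review bot: The `affects` block in this CVE-2012-3189 record still has `n/a` for `vendor_name`, `product_name` and `version_value`, although the description names Oracle Sun Solaris 11 and `ASSIGNER` now points at `secalert_us@oracle.com`. Tooling that matches on the structured fields cannot tie this record to a product and has to parse the free text. If the upstream record allows it, populate them from the description, e.g. `"vendor_name": "Oracle"`, `"product_name": "Solaris"`, `"version_value": "11"`. The `ASSIGNER` change itself is a content change inside what is otherwise a whitespace reformat, and the same happens in the CVE-2012-3725, CVE-2012-3738 and CVE-2012-4006 sections. Consumers that attribute or filter by `ASSIGNER` should expect those records to differ after this sync.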


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3725", "ID": "CVE-2012-3725",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5503", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "The DNAv4 protocol implementation in the DHCP component in Apple iOS before 6 sends Wi-Fi packets containing a MAC address of a host on a previously used network, which might allow remote attackers to obtain sensitive information about previous device locations by sniffing an unencrypted Wi-Fi network for these packets."
{ }
"name" : "APPLE-SA-2012-09-19-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "apple-ios-dhcp-cve20123725(78720)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78720" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "apple-ios-dhcp-cve20123725(78720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78720"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3738", "ID": "CVE-2012-3738",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5503", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions."
{ }
"name" : "APPLE-SA-2012-09-19-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "85620", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/85620" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "85620",
"refsource": "OSVDB",
"url": "http://osvdb.org/85620"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3922", "ID": "CVE-2012-3922",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2012-4006", "ID": "CVE-2012-4006",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#99192898", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN99192898/index.html" "lang": "eng",
}, "value": "The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application."
{ }
"name" : "JVNDB-2012-000077", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000077" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2012-000077",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000077"
},
{
"name": "JVN#99192898",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN99192898/index.html"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4236", "ID": "CVE-2012-4236",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120813 Total Shop UK eCommerce Generic Cross-Site Scripting", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/08/13/7" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
{ }
"name" : "http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html", ]
"refsource" : "MISC", },
"url" : "http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54985", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54985" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "50238", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/50238" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html"
},
{
"name": "[oss-security] 20120813 Total Shop UK eCommerce Generic Cross-Site Scripting",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/13/7"
},
{
"name": "54985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54985"
},
{
"name": "50238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50238"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4249", "ID": "CVE-2012-4249",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368" "lang": "eng",
}, "value": "The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248."
{ }
"name" : "http://www.kb.cert.org/vuls/id/MORO-8WKGBN", ]
"refsource" : "CONFIRM", },
"url" : "http://www.kb.cert.org/vuls/id/MORO-8WKGBN" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#122656", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/122656" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368",
"refsource": "MISC",
"url": "http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368"
},
{
"name": "VU#122656",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/122656"
},
{
"name": "http://www.kb.cert.org/vuls/id/MORO-8WKGBN",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MORO-8WKGBN"
}
]
}
}
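Review bot: The MISC reference in this CVE-2012-4249 record keeps an `s=c7953cc553a4aaa36e880b25aa1a6bf6` query parameter in both `name` and `url`. It looks like a per-session forum identifier rather than part of the thread address, though that is inferred from its shape and not confirmed here. If so, it makes the reference unstable and hard to de-duplicate, and it carries someone's session value into a public record. Assuming the thread resolves by `t` alone, both fields could be `http://www.mobileread.com/forums/showthread.php?t=175368`.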


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4367", "ID": "CVE-2012-4367",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4854", "ID": "CVE-2012-4854",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4973", "ID": "CVE-2012-4973",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED" : "2017-05-21", "DATE_ASSIGNED": "2017-05-21",
"ID" : "CVE-2017-1002019", "ID": "CVE-2017-1002019",
"REQUESTER" : "kurt@seifried.org", "REQUESTER": "kurt@seifried.org",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"UPDATED" : "2017-08-10T14:41Z" "UPDATED": "2017-08-10T14:41Z"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "eventr", "product_name": "eventr",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "1.02.2" "version_value": "1.02.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Binny V A" "vendor_name": "Binny V A"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vapidlabs.com/advisory.php?v=192", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.vapidlabs.com/advisory.php?v=192" "lang": "eng",
}, "value": "Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter."
{ }
"name" : "https://wordpress.org/plugins/eventr/", ]
"refsource" : "MISC", },
"url" : "https://wordpress.org/plugins/eventr/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/eventr/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/eventr/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=192",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=192"
}
]
}
}
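Review bot: The structured version data and the description disagree in this CVE-2017-1002019 record. `version_data` has `"version_affected": "<"` with `"version_value": "1.02.2"`, meaning releases before 1.02.2, while the description places the blind SQL injection in "eventr v1.02.2" itself. A scanner that matches on the structured field would treat an install at 1.02.2 as not affected. If 1.02.2 is vulnerable the operator should be `"version_affected": "<="`; otherwise the description should say "before 1.02.2". Separately, `ASSIGNER` changes from `cve-assign@distributedweaknessfiling.org` to `larry0@me.com`, which reads like an individual's address rather than a CNA contact and is worth confirming against the upstream record.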


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-2049", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-2049",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-2063", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-2063",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2227", "ID": "CVE-2017-2227",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "The installer of Charamin OMP", "product_name": "The installer of Charamin OMP",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Version 1.1.7.4 and earlier" "version_value": "Version 1.1.7.4 and earlier"
}, },
{ {
"version_value" : "Version 1.2.0.0 Beta and earlier" "version_value": "Version 1.2.0.0 Beta and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Charamin steering committee" "vendor_name": "Charamin steering committee"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#09293613", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN09293613/index.html" "lang": "eng",
} "value": "Untrusted search path vulnerability in The installer of Charamin OMP Version 1.1.7.4 and earlier, Version 1.2.0.0 Beta and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09293613",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN09293613/index.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2492", "ID": "CVE-2017-2492",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"JavaScriptCore\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207600", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207600" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"JavaScriptCore\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling."
{ }
"name" : "https://support.apple.com/HT207601", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207601" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207617", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207617" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT207601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207601"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-2574", "ID": "CVE-2017-2574",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,199 +1,199 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "openssl-security@openssl.org", "ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC" : "2017-01-26", "DATE_PUBLIC": "2017-01-26",
"ID" : "CVE-2017-3732", "ID": "CVE-2017-3732",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "BN_mod_exp may produce incorrect results on x86_64" "TITLE": "BN_mod_exp may produce incorrect results on x86_64"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "OpenSSL", "product_name": "OpenSSL",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "openssl-1.1.0" "version_value": "openssl-1.1.0"
}, },
{ {
"version_value" : "openssl-1.1.0a" "version_value": "openssl-1.1.0a"
}, },
{ {
"version_value" : "openssl-1.1.0b" "version_value": "openssl-1.1.0b"
}, },
{ {
"version_value" : "openssl-1.1.0c" "version_value": "openssl-1.1.0c"
}, },
{ {
"version_value" : "openssl-1.0.2" "version_value": "openssl-1.0.2"
}, },
{ {
"version_value" : "openssl-1.0.2a" "version_value": "openssl-1.0.2a"
}, },
{ {
"version_value" : "openssl-1.0.2b" "version_value": "openssl-1.0.2b"
}, },
{ {
"version_value" : "openssl-1.0.2c" "version_value": "openssl-1.0.2c"
}, },
{ {
"version_value" : "openssl-1.0.2d" "version_value": "openssl-1.0.2d"
}, },
{ {
"version_value" : "openssl-1.0.2e" "version_value": "openssl-1.0.2e"
}, },
{ {
"version_value" : "openssl-1.0.2f" "version_value": "openssl-1.0.2f"
}, },
{ {
"version_value" : "openssl-1.0.2g" "version_value": "openssl-1.0.2g"
}, },
{ {
"version_value" : "openssl-1.0.2h" "version_value": "openssl-1.0.2h"
}, },
{ {
"version_value" : "openssl-1.0.2i" "version_value": "openssl-1.0.2i"
}, },
{ {
"version_value" : "openssl-1.0.2j" "version_value": "openssl-1.0.2j"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "OpenSSL" "vendor_name": "OpenSSL"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "OSS-Fuzz project"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem."
}
]
},
"impact" : [
{
"lang" : "eng",
"url" : "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value" : "Moderate"
}
],
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "carry-propagating bug"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "OSS-Fuzz project"
"name" : "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b", }
"refsource" : "MISC", ],
"url" : "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "https://www.openssl.org/news/secadv/20170126.txt", "description": {
"refsource" : "CONFIRM", "description_data": [
"url" : "https://www.openssl.org/news/secadv/20170126.txt" {
}, "lang": "eng",
{ "value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem."
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", }
"refsource" : "CONFIRM", ]
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" },
}, "impact": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "lang": "eng",
"refsource" : "CONFIRM", "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "value": "Moderate"
}, }
{ ],
"name" : "https://www.tenable.com/security/tns-2017-04", "problemtype": {
"refsource" : "CONFIRM", "problemtype_data": [
"url" : "https://www.tenable.com/security/tns-2017-04" {
}, "description": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "lang": "eng",
"refsource" : "CONFIRM", "value": "carry-propagating bug"
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }
}, ]
{ }
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us", ]
"refsource" : "CONFIRM", },
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us" "references": {
}, "reference_data": [
{ {
"name" : "FreeBSD-SA-17:02", "name": "RHSA-2018:2185",
"refsource" : "FREEBSD", "refsource": "REDHAT",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc" "url": "https://access.redhat.com/errata/RHSA-2018:2185"
}, },
{ {
"name" : "GLSA-201702-07", "name": "RHSA-2018:2186",
"refsource" : "GENTOO", "refsource": "REDHAT",
"url" : "https://security.gentoo.org/glsa/201702-07" "url": "https://access.redhat.com/errata/RHSA-2018:2186"
}, },
{ {
"name" : "RHSA-2018:2185", "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2018:2185" "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
}, },
{ {
"name" : "RHSA-2018:2186", "name": "RHSA-2018:2713",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2186" "url": "https://access.redhat.com/errata/RHSA-2018:2713"
}, },
{ {
"name" : "RHSA-2018:2187", "name": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b",
"refsource" : "REDHAT", "refsource": "MISC",
"url" : "https://access.redhat.com/errata/RHSA-2018:2187" "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
}, },
{ {
"name" : "RHSA-2018:2568", "name": "FreeBSD-SA-17:02",
"refsource" : "REDHAT", "refsource": "FREEBSD",
"url" : "https://access.redhat.com/errata/RHSA-2018:2568" "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
}, },
{ {
"name" : "RHSA-2018:2575", "name": "https://www.openssl.org/news/secadv/20170126.txt",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2018:2575" "url": "https://www.openssl.org/news/secadv/20170126.txt"
}, },
{ {
"name" : "RHSA-2018:2713", "name": "1037717",
"refsource" : "REDHAT", "refsource": "SECTRACK",
"url" : "https://access.redhat.com/errata/RHSA-2018:2713" "url": "http://www.securitytracker.com/id/1037717"
}, },
{ {
"name" : "95814", "name": "RHSA-2018:2575",
"refsource" : "BID", "refsource": "REDHAT",
"url" : "http://www.securityfocus.com/bid/95814" "url": "https://access.redhat.com/errata/RHSA-2018:2575"
}, },
{ {
"name" : "1037717", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1037717" "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
} },
] {
} "name": "https://www.tenable.com/security/tns-2017-04",
} "refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2017-04"
},
{
"name": "GLSA-201702-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-07"
},
{
"name": "RHSA-2018:2568",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2568"
},
{
"name": "95814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95814"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us"
},
{
"name": "RHSA-2018:2187",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2187"
}
]
}
}


@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "f5sirt@f5.com", "ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC" : "2018-02-28T00:00:00", "DATE_PUBLIC": "2018-02-28T00:00:00",
"ID" : "CVE-2017-6150", "ID": "CVE-2017-6150",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe", "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "13.0.0" "version_value": "13.0.0"
}, },
{ {
"version_value" : "12.1.0 - 12.1.3.1" "version_value": "12.1.0 - 12.1.3.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "F5 Networks, Inc." "vendor_name": "F5 Networks, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.f5.com/csp/article/K62712037", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.f5.com/csp/article/K62712037" "lang": "eng",
}, "value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
{ }
"name" : "103235", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103235" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103235"
},
{
"name": "https://support.f5.com/csp/article/K62712037",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K62712037"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6178", "ID": "CVE-2017-6178",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41542", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41542/" "lang": "eng",
}, "value": "The IofCallDriver function in USBPcap 1.1.0.0 allows local users to gain privileges via a crafted 0x00090028 IOCTL call, which triggers a NULL pointer dereference."
{ }
"name" : "http://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97026", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97026" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/141526/USBPcap-1.1.0.0-Privilege-Escalation.html"
},
{
"name": "41542",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41542/"
},
{
"name": "97026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97026"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6622", "ID": "CVE-2017-6622",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Prime Collaboration Provisioning", "product_name": "Cisco Prime Collaboration Provisioning",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Prime Collaboration Provisioning" "version_value": "Cisco Prime Collaboration Provisioning"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-264"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42888", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42888/" "lang": "eng",
}, "value": "A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security constraints in certain HTTP request methods, which could allow access to files via the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.1. Cisco Bug IDs: CSCvc98724."
{ }
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1", ]
"refsource" : "CONFIRM", },
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98520", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98520" "lang": "eng",
}, "value": "CWE-264"
{ }
"name" : "1038507", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038507" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1038507",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038507"
},
{
"name": "98520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98520"
},
{
"name": "42888",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42888/"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-pcp1"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6896", "ID": "CVE-2017-6896",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41633", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41633/" "lang": "eng",
}, "value": "Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value."
{ }
"name" : "https://drive.google.com/file/d/0B6715xUqH18MX29uRlpaSVJ4OTA/view?usp=sharing", ]
"refsource" : "MISC", },
"url" : "https://drive.google.com/file/d/0B6715xUqH18MX29uRlpaSVJ4OTA/view?usp=sharing" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.indrajithan.com/DIGISOL_router_previlage_escaltion", "description": [
"refsource" : "MISC", {
"url" : "https://www.indrajithan.com/DIGISOL_router_previlage_escaltion" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://seclists.org/fulldisclosure/2017/Mar/52", ]
"refsource" : "MISC", }
"url" : "http://seclists.org/fulldisclosure/2017/Mar/52" ]
}, },
{ "references": {
"name" : "https://packetstormsecurity.com/files/141693/digisol-escalate.txt", "reference_data": [
"refsource" : "MISC", {
"url" : "https://packetstormsecurity.com/files/141693/digisol-escalate.txt" "name": "https://drive.google.com/file/d/0B6715xUqH18MX29uRlpaSVJ4OTA/view?usp=sharing",
} "refsource": "MISC",
] "url": "https://drive.google.com/file/d/0B6715xUqH18MX29uRlpaSVJ4OTA/view?usp=sharing"
} },
} {
"name": "http://seclists.org/fulldisclosure/2017/Mar/52",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/52"
},
{
"name": "https://packetstormsecurity.com/files/141693/digisol-escalate.txt",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/141693/digisol-escalate.txt"
},
{
"name": "41633",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41633/"
},
{
"name": "https://www.indrajithan.com/DIGISOL_router_previlage_escaltion",
"refsource": "MISC",
"url": "https://www.indrajithan.com/DIGISOL_router_previlage_escaltion"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6909", "ID": "CVE-2017-6909",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the \"shimmie2-master/ext/chatbox/history/index.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/shish/shimmie2/issues/597", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/shish/shimmie2/issues/597" "lang": "eng",
}, "value": "An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the \"shimmie2-master/ext/chatbox/history/index.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
{ }
"name" : "96932", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96932" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/shish/shimmie2/issues/597",
"refsource": "CONFIRM",
"url": "https://github.com/shish/shimmie2/issues/597"
},
{
"name": "96932",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96932"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7266", "ID": "CVE-2017-7266",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the \"next\" parameter which then redirects to any domain irrespective of the Host header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466" "lang": "eng",
}, "value": "Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the \"next\" parameter which then redirects to any domain irrespective of the Host header."
{ }
"name" : "https://github.com/Netflix/security_monkey/pull/482", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/Netflix/security_monkey/pull/482" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/Netflix/security_monkey/releases/tag/v0.8.0", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/Netflix/security_monkey/releases/tag/v0.8.0" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "97088", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/97088" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/Netflix/security_monkey/releases/tag/v0.8.0",
"refsource": "CONFIRM",
"url": "https://github.com/Netflix/security_monkey/releases/tag/v0.8.0"
},
{
"name": "97088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97088"
},
{
"name": "https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466",
"refsource": "CONFIRM",
"url": "https://github.com/Netflix/security_monkey/commit/3b4da13efabb05970c80f464a50d3c1c12262466"
},
{
"name": "https://github.com/Netflix/security_monkey/pull/482",
"refsource": "CONFIRM",
"url": "https://github.com/Netflix/security_monkey/pull/482"
}
]
}
}


@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-7500", "ID": "CVE-2017-7500",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "rpm", "product_name": "rpm",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.13.0.2" "version_value": "4.13.0.2"
}, },
{ {
"version_value" : "4.14.0" "version_value": "4.14.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-59"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500" "lang": "eng",
}, "value": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege."
{ }
"name" : "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9" "impact": {
}, "cvss": [
{ [
"name" : "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79", {
"refsource" : "CONFIRM", "vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"url" : "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79" "version": "3.0"
} }
] ]
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/rpm/commit/c815822c8bdb138066ff58c624ae83e3a12ebfa9"
},
{
"name": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79",
"refsource": "CONFIRM",
"url": "https://github.com/rpm-software-management/rpm/commit/f2d3be2a8741234faaa96f5fd05fdfdc75779a79"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7500"
}
]
}
}
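Review bot: The `vectorString` under `impact.cvss` in the CVE-2017-7500 record is `7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H`, which puts the base score in front of the vector; a CVSS v3.0 vector starts with `CVSS:3.0/`, so tooling that parses this field to score or prioritise the rpm symlink issue is likely to reject or mis-read it. The reformat carries the value over unchanged on both sides. I would split it into `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"` and `"baseScore": 7.3`. The `cvss` value is also an array nested inside an array, which consumers expecting a flat list of score objects would have to special-case, so it is worth confirming that shape is intended.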


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7585", "ID": "CVE-2017-7585",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/", "description_data": [
"refsource" : "MISC", {
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/" "lang": "eng",
}, "value": "In libsndfile before 1.0.28, an error in the \"flac_buffer_copy()\" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file."
{ }
"name" : "http://www.mega-nerd.com/libsndfile/#History", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mega-nerd.com/libsndfile/#History" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mega-nerd.com/libsndfile/NEWS", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mega-nerd.com/libsndfile/NEWS" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0" ]
}, },
{ "references": {
"name" : "GLSA-201707-04", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201707-04" "name": "http://www.mega-nerd.com/libsndfile/#History",
} "refsource": "CONFIRM",
] "url": "http://www.mega-nerd.com/libsndfile/#History"
} },
} {
"name": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0",
"refsource": "CONFIRM",
"url": "https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0"
},
{
"name": "http://www.mega-nerd.com/libsndfile/NEWS",
"refsource": "CONFIRM",
"url": "http://www.mega-nerd.com/libsndfile/NEWS"
},
{
"name": "GLSA-201707-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-04"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/"
}
]
}
}


@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-7759", "ID": "CVE-2017-7759",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "54" "version_value": "54"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local \"file:\" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Android intent URLs can cause navigation to local file system"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1356893", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1356893" "lang": "eng",
}, "value": "Android intent URLs given to Firefox for Android can be used to navigate from HTTP or HTTPS URLs to local \"file:\" URLs, allowing for the reading of local data through a violation of same-origin policy. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 54."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99052", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99052" "lang": "eng",
}, "value": "Android intent URLs can cause navigation to local file system"
{ }
"name" : "1038689", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038689" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
},
{
"name": "1038689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038689"
},
{
"name": "99052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99052"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356893",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356893"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-7914", "ID": "CVE-2017-7914",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rockwell Automation PanelView Plus 6 700-1500", "product_name": "Rockwell Automation PanelView Plus 6 700-1500",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Rockwell Automation PanelView Plus 6 700-1500" "version_value": "Rockwell Automation PanelView Plus 6 700-1500"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-882"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01" "lang": "eng",
} "value": "A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-882"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-157-01"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10006", "ID": "CVE-2018-10006",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10195", "ID": "CVE-2018-10195",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-10877", "ID": "CVE-2018-10877",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "kernel", "product_name": "kernel",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html" "lang": "eng",
}, "value": "Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877" "impact": {
}, "cvss": [
{ [
"name" : "RHSA-2018:2948", {
"refsource" : "REDHAT", "vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"url" : "https://access.redhat.com/errata/RHSA-2018:2948" "version": "3.0"
}, }
{ ]
"name" : "USN-3753-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3753-1/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3753-2", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3753-2/" "lang": "eng",
}, "value": "CWE-125"
{ }
"name" : "USN-3754-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3754-1/" ]
}, },
{ "references": {
"name" : "USN-3871-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3871-1/" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877"
"name" : "USN-3871-3", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3871-3/" "name": "USN-3753-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3753-2/"
"name" : "USN-3871-4", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3871-4/" "name": "USN-3754-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3754-1/"
"name" : "USN-3871-5", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3871-5/" "name": "USN-3871-5",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3871-5/"
"name" : "106503", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106503" "name": "USN-3871-4",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3871-4/"
} },
} {
"name": "[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "USN-3871-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-1/"
},
{
"name": "106503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106503"
},
{
"name": "USN-3753-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3753-1/"
},
{
"name": "USN-3871-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-3/"
}
]
}
}
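Review bot: The `vectorString` in `impact.cvss` for CVE-2018-10877 is carried over as `7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H`, with the base score prefixed to the vector, so it is not a well-formed CVSS v3.0 vector string. The entry is also wrapped in a nested array (`"cvss": [[ {...} ]]`), whereas the CVE-2018-15610 record in this same commit uses a plain object with separate score fields. Tooling that passes this field to a CVSS parser for triage will probably reject it or fall back to no score. I would store the vector as `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"` and move the score into its own `"baseScore": 7.3` field, flattening `cvss` to a single object.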


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14577", "ID": "CVE-2018-14577",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14683", "ID": "CVE-2018-14683",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-08-09T00:00:00", "DATE_PUBLIC": "2018-08-09T00:00:00",
"ID" : "CVE-2018-14784", "ID": "CVE-2018-14784",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior.", "product_name": "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior." "version_value": "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ICS-CERT" "vendor_name": "ICS-CERT"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02" "lang": "eng",
}, "value": "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device."
{ }
"name" : "105053", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105053" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-221-02"
},
{
"name": "105053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105053"
}
]
}
}


@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "securityalerts@avaya.com", "ASSIGNER": "securityalerts@avaya.com",
"ID" : "CVE-2018-15610", "ID": "CVE-2018-15610",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Improper access controls in IP Office one-X Portal" "TITLE": "Improper access controls in IP Office one-X Portal"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "IP Office", "product_name": "IP Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2" "version_value": "9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Avaya" "vendor_name": "Avaya"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.3,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284: Improper Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://downloads.avaya.com/css/P8/documents/101051984", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://downloads.avaya.com/css/P8/documents/101051984" "lang": "eng",
} "value": "A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 through 9.1 SP12, 10.0 through 10.0 SP7, and 10.1 through 10.1 SP2."
] }
}, ]
"source" : { },
"advisory" : "ASA-2018-256", "impact": {
"discovery" : "EXTERNAL" "cvss": {
} "attackComplexity": "LOW",
} "attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/101051984",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101051984"
}
]
},
"source": {
"advisory": "ASA-2018-256",
"discovery": "EXTERNAL"
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20655", "ID": "CVE-2018-20655",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20695", "ID": "CVE-2018-20695",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-10-02T00:00:00", "DATE_PUBLIC": "2018-10-02T00:00:00",
"ID" : "CVE-2018-9504", "ID": "CVE-2018-9504",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2", "description_data": [
"refsource" : "MISC", {
"url" : "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2" "lang": "eng",
}, "value": "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176"
{ }
"name" : "https://source.android.com/security/bulletin/2018-10-01,", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2018-10-01," "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105482", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105482" "lang": "eng",
} "value": "Remote code execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "105482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105482"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01,",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"name": "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2"
}
]
}
}
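Review bot: The CONFIRM reference for CVE-2018-9504 still ends in a stray comma in both `name` and `url` (`https://source.android.com/security/bulletin/2018-10-01,`), so the link as recorded most likely does not resolve to the October 2018 bulletin. Anything that matches or de-duplicates references by exact URL, for example when correlating vendor advisories with patch status, will treat it as a different resource. The fix is `"url": "https://source.android.com/security/bulletin/2018-10-01"`, with the same correction to `name`. Apart from the ASSIGNER address, the rest of this section appears to change only spacing and reference order.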


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9600", "ID": "CVE-2018-9600",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9625", "ID": "CVE-2018-9625",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9685", "ID": "CVE-2018-9685",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9731", "ID": "CVE-2018-9731",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }