admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:42:48 +00:00
parent 0d550373db
commit 26d865d916
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3771 additions and 3771 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2001/0xxx/CVE-2001-0807.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0807", "ID": "CVE-2001-0807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010606 security bug Internet Explorer 5", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=189341" "lang": "eng",
}, "value": "Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file."
{ }
"name" : "ie-local-file-disclosure(6688)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6688" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-local-file-disclosure(6688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6688"
},
{
"name": "20010606 security bug Internet Explorer 5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=189341"
}
]
}
}

210
2001/0xxx/CVE-2001-0925.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0925", "ID": "CVE-2001-0925",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010312 FORW: [ANNOUNCE] Apache 1.3.19 Released", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/168497" "lang": "eng",
}, "value": "The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex."
{ }
"name" : "20010624 Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/193081" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20010419 OpenBSD 2.8patched Apache vuln!", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/178066" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20010726 Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS", ]
"refsource" : "BUGTRAQ", }
"url" : "http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1" ]
}, },
{ "references": {
"name" : "http://www.apacheweek.com/features/security-13", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.apacheweek.com/features/security-13" "name": "20010624 Fw: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/193081"
"name" : "MDKSA-2001:077", },
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3" "name": "http://www.apacheweek.com/features/security-13",
}, "refsource": "CONFIRM",
{ "url": "http://www.apacheweek.com/features/security-13"
"name" : "DSA-067", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2001/dsa-067" "name": "20010419 OpenBSD 2.8patched Apache vuln!",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/178066"
"name" : "ESA-20010620-02", },
"refsource" : "ENGARDE", {
"url" : "http://www.linuxsecurity.com/advisories/other_advisory-1452.html" "name": "ESA-20010620-02",
}, "refsource": "ENGARDE",
{ "url": "http://www.linuxsecurity.com/advisories/other_advisory-1452.html"
"name" : "2503", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2503" "name": "20010726 Apache Artificially Long Slash Path Directory Listing Vulnerabili ty -- FILE READ ACCESS",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-27&end=2002-02-02&mid=199857&threads=1"
"name" : "apache-slash-directory-listing(6921)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6921" "name": "apache-slash-directory-listing(6921)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6921"
} },
} {
"name": "20010312 FORW: [ANNOUNCE] Apache 1.3.19 Released",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/168497"
},
{
"name": "DSA-067",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-067"
},
{
"name": "MDKSA-2001:077",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077.php3"
},
{
"name": "2503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2503"
}
]
}
}

120
2001/0xxx/CVE-2001-0934.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0934", "ID": "CVE-2001-0934",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011128 PowerFTP-server-Bugs&Exploits-Remotes", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=100698397818175&w=2" "lang": "eng",
} "value": "Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011128 PowerFTP-server-Bugs&Exploits-Remotes",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=100698397818175&w=2"
}
]
}
}

180
2001/1xxx/CVE-2001-1314.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1314", "ID": "CVE-2001-1314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010731 RE: CERT Advisory CA-2001-18, Critical Path directory products ar e vulnerable", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html" "lang": "eng",
}, "value": "Buffer overflows in Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
{ }
"name" : "VU#657547", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/657547" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "L-116", "description": [
"refsource" : "CIAC", {
"url" : "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CA-2001-18", ]
"refsource" : "CERT", }
"url" : "http://www.cert.org/advisories/CA-2001-18.html" ]
}, },
{ "references": {
"name" : "http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM" "name": "http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM",
}, "refsource": "CONFIRM",
{ "url": "http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM"
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/", },
"refsource" : "MISC", {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/" "name": "CA-2001-18",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2001-18.html"
"name" : "3124", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3124" "name": "20010731 RE: CERT Advisory CA-2001-18, Critical Path directory products ar e vulnerable",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html"
} },
} {
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
},
{
"name": "L-116",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
},
{
"name": "VU#657547",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/657547"
},
{
"name": "3124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3124"
}
]
}
}

140
2001/1xxx/CVE-2001-1423.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1423", "ID": "CVE-2001-1423",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#140723", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/140723" "lang": "eng",
}, "value": "Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter."
{ }
"name" : "1002516", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1002516" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "advancedpoll-php-admin-access(7861)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7861" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#140723",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/140723"
},
{
"name": "1002516",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1002516"
},
{
"name": "advancedpoll-php-admin-access(7861)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7861"
}
]
}
}

150
2001/1xxx/CVE-2001-1518.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1518", "ID": "CVE-2001-1518",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011112 RADIX1112200103", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/236113" "lang": "eng",
}, "value": "RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this vulnerability, however the vendor also presents a scenario in which other users could be affected if running on a Terminal Server. Therefore this is a vulnerability."
{ }
"name" : "20011114 RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103", ]
"refsource" : "BUGTRAQ", },
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3291", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3291" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "win2k-runas-dos(7533)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/7533.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20011114 RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00100.html"
},
{
"name": "3291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3291"
},
{
"name": "win2k-runas-dos(7533)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7533.php"
},
{
"name": "20011112 RADIX1112200103",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/236113"
}
]
}
}

220
2006/2xxx/CVE-2006-2086.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2086", "ID": "CVE-2006-2086",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060426 [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/432155/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter."
{ }
"name" : "http://www.eeye.com/html/research/advisories/AD20060424.html", ]
"refsource" : "MISC", },
"url" : "http://www.eeye.com/html/research/advisories/AD20060424.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#477604", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/477604" ]
}, },
{ "references": {
"name" : "17712", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17712" "name": "19842",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19842"
"name" : "ADV-2006-1543", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1543" "name": "819",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/819"
"name" : "25001", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25001" "name": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt"
"name" : "1016000", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016000" "name": "http://www.eeye.com/html/research/advisories/AD20060424.html",
}, "refsource": "MISC",
{ "url": "http://www.eeye.com/html/research/advisories/AD20060424.html"
"name" : "19842", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19842" "name": "ADV-2006-1543",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1543"
"name" : "819", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/819" "name": "20060426 [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/432155/100/0/threaded"
"name" : "juniper-ive-activex-bo(26077)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077" "name": "juniper-ive-activex-bo(26077)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077"
} },
} {
"name": "25001",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25001"
},
{
"name": "VU#477604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/477604"
},
{
"name": "1016000",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016000"
},
{
"name": "17712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17712"
}
]
}
}

180
2006/2xxx/CVE-2006-2606.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2606", "ID": "CVE-2006-2606",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060522 Chatty improper input sanitizing", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434819/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username."
{ }
"name" : "18082", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18082" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-1962", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/1962" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016152", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016152" ]
}, },
{ "references": {
"name" : "20259", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20259" "name": "1016152",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016152"
"name" : "963", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/963" "name": "20060522 Chatty improper input sanitizing",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/434819/100/0/threaded"
"name" : "chatty-index-xss(26631)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26631" "name": "chatty-index-xss(26631)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26631"
} },
} {
"name": "18082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18082"
},
{
"name": "ADV-2006-1962",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1962"
},
{
"name": "20259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20259"
},
{
"name": "963",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/963"
}
]
}
}

330
2006/2xxx/CVE-2006-2635.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2635", "ID": "CVE-2006-2635",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as \"<scr<script>ipt>\" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) \"Assign new module\" and (16) \"Create new user module\" in (k) tiki-admin_modules.php, (17) an unspecified field in \"Add notification\" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in \"Create new template\" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060525 Multiple XSS Vulnerabilities in Tikiwiki 1.9.x", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435127/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as \"<scr<script>ipt>\" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in (b) tiki-orphan_pages.php, the (5) offset and (6) initial parameters in (c) tiki-listpages.php, and (7) an unspecified field in (d) tiki-remind_password.php; and allow remote authenticated users with admin privileges to inject arbitrary web script or HTML via (8) an unspecified field in a metatags action in (e) tiki-admin.php, the (9) offset parameter in (f) tiki-admin_rssmodules.php, the (10) offset and (11) max parameters in (g) tiki-syslog.php, the (12) numrows parameter in (h) tiki-adminusers.php, (13) an unspecified field in (i) tiki-adminusers.php, (14) an unspecified field in (j) tiki-admin_hotwords.php, unspecified fields in (15) \"Assign new module\" and (16) \"Create new user module\" in (k) tiki-admin_modules.php, (17) an unspecified field in \"Add notification\" in (l) tiki-admin_notifications.php, (18) the offset parameter in (m) tiki-admin_notifications.php, the (19) Name and (20) Dsn fields in (o) tiki-admin_dsn.php, the (21) offset parameter in (p) tiki-admin_content_templates.php, (22) an unspecified field in \"Create new template\" in (q) tiki-admin_content_templates.php, and the (23) offset parameter in (r) tiki-admin_chat.php."
{ }
"name" : "20060608 Tikiwiki 1.9.3.2 security release", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/436432/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://tikiwiki.org/tiki-read_article.php?articleId=131", "description": [
"refsource" : "CONFIRM", {
"url" : "http://tikiwiki.org/tiki-read_article.php?articleId=131" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18143", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/18143" ]
}, },
{ "references": {
"name" : "ADV-2006-2024", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2024" "name": "18143",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18143"
"name" : "26048", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26048" "name": "http://tikiwiki.org/tiki-read_article.php?articleId=131",
}, "refsource": "CONFIRM",
{ "url": "http://tikiwiki.org/tiki-read_article.php?articleId=131"
"name" : "26049", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26049" "name": "26050",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26050"
"name" : "26050", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26050" "name": "26059",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26059"
"name" : "26051", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26051" "name": "26061",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26061"
"name" : "26052", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26052" "name": "26053",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26053"
"name" : "26053", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26053" "name": "26060",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26060"
"name" : "26054", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26054" "name": "26056",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26056"
"name" : "26055", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26055" "name": "26054",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26054"
"name" : "26056", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26056" "name": "26051",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26051"
"name" : "26057", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26057" "name": "ADV-2006-2024",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2024"
"name" : "26058", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26058" "name": "26062",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26062"
"name" : "26059", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26059" "name": "976",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/976"
"name" : "26060", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26060" "name": "26057",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26057"
"name" : "26061", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26061" "name": "20334",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20334"
"name" : "26062", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26062" "name": "26052",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26052"
"name" : "20334", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20334" "name": "26058",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26058"
"name" : "976", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/976" "name": "26048",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/26048"
} },
} {
"name": "20060525 Multiple XSS Vulnerabilities in Tikiwiki 1.9.x",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435127/100/0/threaded"
},
{
"name": "20060608 Tikiwiki 1.9.3.2 security release",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436432/100/0/threaded"
},
{
"name": "26049",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26049"
},
{
"name": "26055",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26055"
}
]
}
}

160
2008/5xxx/CVE-2008-5072.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5072", "ID": "CVE-2008-5072",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6565", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6565" "lang": "eng",
}, "value": "vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers to cause a denial of service (application crash) via a malformed FLV file."
{ }
"name" : "http://packetstormsecurity.org/filedesc/klite-dos-tgz.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/filedesc/klite-dos-tgz.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31400", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31400" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4588", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4588" ]
}, },
{ "references": {
"name" : "klmcp-vsfilter-dos(45446)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45446" "name": "6565",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/6565"
} },
} {
"name": "31400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31400"
},
{
"name": "klmcp-vsfilter-dos(45446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45446"
},
{
"name": "4588",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4588"
},
{
"name": "http://packetstormsecurity.org/filedesc/klite-dos-tgz.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/filedesc/klite-dos-tgz.html"
}
]
}
}

130
2008/5xxx/CVE-2008-5274.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5274", "ID": "CVE-2008-5274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "30593", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30593" "lang": "eng",
}, "value": "Todd Woolums ASP News Management 2.2 allows remote attackers to obtain news items via a direct request to (1) rss.asp, (2) viewheadings.asp, or (3) viewnews.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "aspnewsmanagement-multiple-info-disclosure(47032)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47032" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aspnewsmanagement-multiple-info-disclosure(47032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47032"
},
{
"name": "30593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30593"
}
]
}
}

200
2011/2xxx/CVE-2011-2416.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-2416", "ID": "CVE-2011-2416",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb11-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb11-21.html" "lang": "eng",
}, "value": "Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138."
{ }
"name" : "RHSA-2011:1144", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1144.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SA:2011:033", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2011:0894", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2011:0897", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html" "name": "SUSE-SA:2011:033",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html"
"name" : "TA11-222A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-222A.html" "name": "48308",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48308"
"name" : "oval:org.mitre.oval:def:14132", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14132" "name": "TA11-222A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA11-222A.html"
"name" : "oval:org.mitre.oval:def:16025", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16025" "name": "oval:org.mitre.oval:def:14132",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14132"
"name" : "48308", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48308" "name": "http://www.adobe.com/support/security/bulletins/apsb11-21.html",
} "refsource": "CONFIRM",
] "url": "http://www.adobe.com/support/security/bulletins/apsb11-21.html"
} },
} {
"name": "oval:org.mitre.oval:def:16025",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16025"
},
{
"name": "SUSE-SU-2011:0894",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html"
},
{
"name": "RHSA-2011:1144",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1144.html"
},
{
"name": "openSUSE-SU-2011:0897",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html"
}
]
}
}

140
2011/2xxx/CVE-2011-2626.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2626", "ID": "CVE-2011-2626",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using \"injected script\" to set the SRC attribute of an IFRAME element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.opera.com/docs/changelogs/mac/1150/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/mac/1150/" "lang": "eng",
}, "value": "Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using \"injected script\" to set the SRC attribute of an IFRAME element."
{ }
"name" : "http://www.opera.com/docs/changelogs/unix/1150/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.opera.com/docs/changelogs/unix/1150/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.opera.com/docs/changelogs/windows/1150/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/windows/1150/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/windows/1150/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1150/"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1150/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1150/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1150/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1150/"
}
]
}
}

130
2011/2xxx/CVE-2011-2952.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2952", "ID": "CVE-2011-2952",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://service.real.com/realplayer/security/08162011_player/en/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://service.real.com/realplayer/security/08162011_player/en/" "lang": "eng",
}, "value": "Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box."
{ }
"name" : "1025943", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id?1025943" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1025943",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025943"
},
{
"name": "http://service.real.com/realplayer/security/08162011_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/08162011_player/en/"
}
]
}
}

150
2011/3xxx/CVE-2011-3165.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2011-3165", "ID": "CVE-2011-3165",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMU02712", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=132017799623289&w=2" "lang": "eng",
}, "value": "Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208."
{ }
"name" : "SSRT100649", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=132017799623289&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1026260", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026260" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8484", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/8484" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1026260",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026260"
},
{
"name": "HPSBMU02712",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132017799623289&w=2"
},
{
"name": "8484",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8484"
},
{
"name": "SSRT100649",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132017799623289&w=2"
}
]
}
}

150
2011/3xxx/CVE-2011-3508.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-3508", "ID": "CVE-2011-3508",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library."
{ }
"name" : "50201", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/50201" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "76467", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/76467" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "orasun-sol-ldapl-unspecified(70787)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70787" ]
} },
] "references": {
} "reference_data": [
} {
"name": "50201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50201"
},
{
"name": "orasun-sol-ldapl-unspecified(70787)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70787"
},
{
"name": "76467",
"refsource": "OSVDB",
"url": "http://osvdb.org/76467"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
}
]
}
}

120
2011/3xxx/CVE-2011-3685.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3685", "ID": "CVE-2011-3685",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-Weak-Xpto-Pwd-Storage.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-Weak-Xpto-Pwd-Storage.html" "lang": "eng",
} "value": "Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-Weak-Xpto-Pwd-Storage.html",
"refsource": "MISC",
"url": "http://www.solutionary.com/index/SERT/Vuln-Disclosures/Tembria-Server-Monitor-Weak-Xpto-Pwd-Storage.html"
}
]
}
}

180
2011/3xxx/CVE-2011-3829.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2011-3829", "ID": "CVE-2011-3829",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18108", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18108" "lang": "eng",
}, "value": "ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to obtain sensitive information via the file name, which reveals the installation path in an error message."
{ }
"name" : "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://secunia.com/secunia_research/2011-75/", "description": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2011-75/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "50632", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/50632" ]
}, },
{ "references": {
"name" : "76999", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/76999" "name": "50632",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/50632"
"name" : "45453", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45453" "name": "http://secunia.com/secunia_research/2011-75/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2011-75/"
"name" : "sit-ftpuploadfile-path-disclosure(71233)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71233" "name": "18108",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/18108"
} },
} {
"name": "45453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45453"
},
{
"name": "76999",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/76999"
},
{
"name": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/106933/sit_file_upload.rb.txt"
},
{
"name": "sit-ftpuploadfile-path-disclosure(71233)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71233"
}
]
}
}

170
2013/0xxx/CVE-2013-0336.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0336", "ID": "CVE-2013-0336",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=913751", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=913751" "lang": "eng",
}, "value": "The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server."
{ }
"name" : "https://fedorahosted.org/freeipa/ticket/3539", ]
"refsource" : "CONFIRM", },
"url" : "https://fedorahosted.org/freeipa/ticket/3539" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "58747", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/58747" ]
}, },
{ "references": {
"name" : "52763", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52763" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=913751",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=913751"
"name" : "389directoryserver-cve20130336-dos(83132)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83132" "name": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e",
} "refsource": "CONFIRM",
] "url": "https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=7b45e33400355df44e75576ef7f70a39d163bf8e"
} },
} {
"name": "58747",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58747"
},
{
"name": "https://fedorahosted.org/freeipa/ticket/3539",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/freeipa/ticket/3539"
},
{
"name": "52763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52763"
},
{
"name": "389directoryserver-cve20130336-dos(83132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83132"
}
]
}
}

130
2013/0xxx/CVE-2013-0537.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-0537", "ID": "CVE-2013-0537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21654355", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21654355" "lang": "eng",
}, "value": "The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges."
{ }
"name" : "sametime-ems-cve20130537-spoof(84840)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84840" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21654355",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21654355"
},
{
"name": "sametime-ems-cve20130537-spoof(84840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84840"
}
]
}
}

220
2013/0xxx/CVE-2013-0640.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-0640", "ID": "CVE-2013-0640",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, as exploited in the wild in February 2013."
{ }
"name" : "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html", ]
"refsource" : "CONFIRM", },
"url" : "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.adobe.com/support/security/advisories/apsa13-02.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/advisories/apsa13-02.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-07.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-07.html" ]
}, },
{ "references": {
"name" : "GLSA-201308-03", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" "name": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html",
}, "refsource": "CONFIRM",
{ "url": "http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html"
"name" : "RHSA-2013:0551", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0551.html" "name": "VU#422807",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/422807"
"name" : "SUSE-SU-2013:0349", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html" "name": "openSUSE-SU-2013:0335",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html"
"name" : "openSUSE-SU-2013:0335", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00021.html" "name": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html",
}, "refsource": "MISC",
{ "url": "http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html"
"name" : "openSUSE-SU-2013:0342", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html" "name": "openSUSE-SU-2013:0342",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00023.html"
"name" : "VU#422807", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/422807" "name": "oval:org.mitre.oval:def:16406",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406"
"name" : "oval:org.mitre.oval:def:16406", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16406" "name": "RHSA-2013:0551",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0551.html"
} },
} {
"name": "http://www.adobe.com/support/security/bulletins/apsb13-07.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-07.html"
},
{
"name": "SUSE-SU-2013:0349",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00024.html"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa13-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa13-02.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
}

340
2013/0xxx/CVE-2013-0871.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-0871", "ID": "CVE-2013-0871",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130215 Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/02/15/16" "lang": "eng",
}, "value": "Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9899d11f654474d2d54ea52ceaa2a1f4db3abd68", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9899d11f654474d2d54ea52ceaa2a1f4db3abd68" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.5", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=911937", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=911937" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/9899d11f654474d2d54ea52ceaa2a1f4db3abd68", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/9899d11f654474d2d54ea52ceaa2a1f4db3abd68" "name": "SUSE-SU-2013:0341",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00022.html"
"name" : "DSA-2632", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2632" "name": "[oss-security] 20130215 Linux kernel race condition with PTRACE_SETREGS (CVE-2013-0871)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/02/15/16"
"name" : "RHSA-2013:0567", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0567.html" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9899d11f654474d2d54ea52ceaa2a1f4db3abd68",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9899d11f654474d2d54ea52ceaa2a1f4db3abd68"
"name" : "RHSA-2013:0661", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0661.html" "name": "USN-1738-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1738-1"
"name" : "RHSA-2013:0662", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0662.html" "name": "USN-1740-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1740-1"
"name" : "RHSA-2013:0695", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0695.html" "name": "USN-1742-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1742-1"
"name" : "SUSE-SU-2013:0341", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00022.html" "name": "USN-1745-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1745-1"
"name" : "SUSE-SU-2013:0674", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html" "name": "USN-1743-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1743-1"
"name" : "openSUSE-SU-2013:0925", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=911937",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911937"
"name" : "USN-1736-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1736-1" "name": "SUSE-SU-2013:0674",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html"
"name" : "USN-1737-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1737-1" "name": "https://github.com/torvalds/linux/commit/9899d11f654474d2d54ea52ceaa2a1f4db3abd68",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/9899d11f654474d2d54ea52ceaa2a1f4db3abd68"
"name" : "USN-1738-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1738-1" "name": "RHSA-2013:0567",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0567.html"
"name" : "USN-1739-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1739-1" "name": "USN-1744-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1744-1"
"name" : "USN-1740-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1740-1" "name": "USN-1736-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1736-1"
"name" : "USN-1741-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1741-1" "name": "RHSA-2013:0661",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0661.html"
"name" : "USN-1742-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1742-1" "name": "USN-1739-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1739-1"
"name" : "USN-1743-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1743-1" "name": "openSUSE-SU-2013:0925",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
"name" : "USN-1744-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1744-1" "name": "RHSA-2013:0662",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0662.html"
"name" : "USN-1745-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1745-1" "name": "USN-1741-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-1741-1"
} },
} {
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.5"
},
{
"name": "DSA-2632",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2632"
},
{
"name": "USN-1737-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1737-1"
},
{
"name": "RHSA-2013:0695",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0695.html"
}
]
}
}

120
2013/1xxx/CVE-2013-1230.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-1230", "ID": "CVE-2013-1230",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130430 Cisco Unified Communications Domain Manager High CPU Utilization Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1230" "lang": "eng",
} "value": "Cisco Unified Communications Domain Manager allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets, aka Bug ID CSCug47057."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130430 Cisco Unified Communications Domain Manager High CPU Utilization Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1230"
}
]
}
}

180
2013/1xxx/CVE-2013-1591.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1591", "ID": "CVE-2013-1591",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f", "description_data": [
"refsource" : "MISC", {
"url" : "http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f" "lang": "eng",
}, "value": "Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. NOTE: this issue might be resultant from an integer overflow in the fast_composite_scaled_bilinear function in pixman-inlines.h, which triggers an infinite loop."
{ }
"name" : "http://www.palemoon.org/releasenotes-ng.shtml", ]
"refsource" : "CONFIRM", },
"url" : "http://www.palemoon.org/releasenotes-ng.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=910149", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=910149" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077", ]
"refsource" : "CONFIRM", }
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077" ]
}, },
{ "references": {
"name" : "MDVSA-2013:116", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:116" "name": "http://www.palemoon.org/releasenotes-ng.shtml",
}, "refsource": "CONFIRM",
{ "url": "http://www.palemoon.org/releasenotes-ng.shtml"
"name" : "RHSA-2013:0687", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0687.html" "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077",
}, "refsource": "CONFIRM",
{ "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0077"
"name" : "RHSA-2013:0746", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0746.html" "name": "RHSA-2013:0687",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0687.html"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=910149",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=910149"
},
{
"name": "RHSA-2013:0746",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0746.html"
},
{
"name": "http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f",
"refsource": "MISC",
"url": "http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f"
},
{
"name": "MDVSA-2013:116",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:116"
}
]
}
}

170
2013/1xxx/CVE-2013-1726.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-1726", "ID": "CVE-2013-1726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-83.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-83.html" "lang": "eng",
}, "value": "Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=890853", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=890853" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2013-16992", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2013-17047", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html" ]
}, },
{ "references": {
"name" : "FEDORA-2013-17074", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html" "name": "oval:org.mitre.oval:def:18821",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18821"
"name" : "oval:org.mitre.oval:def:18821", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18821" "name": "FEDORA-2013-16992",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html"
} },
} {
"name": "FEDORA-2013-17074",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=890853",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=890853"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-83.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-83.html"
},
{
"name": "FEDORA-2013-17047",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html"
}
]
}
}

150
2013/1xxx/CVE-2013-1880.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1880", "ID": "CVE-2013-1880",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=924447", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=924447" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092."
{ }
"name" : "https://issues.apache.org/jira/browse/AMQ-4398", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.apache.org/jira/browse/AMQ-4398" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:1029", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1029.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "65615", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/65615" ]
} },
] "references": {
} "reference_data": [
} {
"name": "65615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65615"
},
{
"name": "RHSA-2013:1029",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1029.html"
},
{
"name": "https://issues.apache.org/jira/browse/AMQ-4398",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/AMQ-4398"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=924447",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=924447"
}
]
}
}

130
2013/4xxx/CVE-2013-4061.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-4061", "ID": "CVE-2013-4061",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21648481", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21648481" "lang": "eng",
}, "value": "IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors."
{ }
"name" : "policytester-cve20134061-allowed-hosts(86585)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86585" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21648481",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21648481"
},
{
"name": "policytester-cve20134061-allowed-hosts(86585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86585"
}
]
}
}

120
2013/4xxx/CVE-2013-4766.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4766", "ID": "CVE-2013-4766",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.eucalyptus.com/resources/security/advisories/esa-13", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.eucalyptus.com/resources/security/advisories/esa-13" "lang": "eng",
} "value": "The gather log service in Eucalyptus before 3.3.1 allows remote attackers to read log files via an unspecified request to the (1) Cluster Controller (CC) or (2) Node Controller (NC) component."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eucalyptus.com/resources/security/advisories/esa-13",
"refsource": "CONFIRM",
"url": "http://www.eucalyptus.com/resources/security/advisories/esa-13"
}
]
}
}

180
2013/5xxx/CVE-2013-5128.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-5128", "ID": "CVE-2013-5128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5934", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5934" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2."
{ }
"name" : "http://support.apple.com/kb/HT6001", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT6001" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2013-09-18-2", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2013-10-22-2", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2013-10-22-8", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html" "name": "APPLE-SA-2013-10-22-8",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html"
"name" : "1029054", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029054" "name": "1029054",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1029054"
"name" : "54886", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54886" "name": "http://support.apple.com/kb/HT6001",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT6001"
} },
} {
"name": "APPLE-SA-2013-10-22-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

140
2013/5xxx/CVE-2013-5967.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5967", "ID": "CVE-2013-5967",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://osvdb.org/ref/97/ossim-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://osvdb.org/ref/97/ossim-sql.txt" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/."
{ }
"name" : "62790", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/62790" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98052", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/98052" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "62790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62790"
},
{
"name": "http://osvdb.org/ref/97/ossim-sql.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/97/ossim-sql.txt"
},
{
"name": "98052",
"refsource": "OSVDB",
"url": "http://osvdb.org/98052"
}
]
}
}

140
2013/5xxx/CVE-2013-5975.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5975", "ID": "CVE-2013-5975",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14700.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14700.html" "lang": "eng",
}, "value": "The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
{ }
"name" : "1029079", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1029079" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54844", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54844" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1029079",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029079"
},
{
"name": "54844",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54844"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14700.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/14000/700/sol14700.html"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000459.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-12-29", "DATE_ASSIGNED": "2017-12-29",
"ID" : "CVE-2017-1000459", "ID": "CVE-2017-1000459",
"REQUESTER" : "nhoyadx@gmail.com", "REQUESTER": "nhoyadx@gmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Leanote", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<= 2.5 (current)" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Leanote" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/leanote/leanote/issues/676", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/leanote/leanote/issues/676" "lang": "eng",
} "value": "Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes"
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/leanote/leanote/issues/676",
"refsource": "MISC",
"url": "https://github.com/leanote/leanote/issues/676"
}
]
}
}

122
2017/12xxx/CVE-2017-12109.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-12109", "ID": "CVE-2017-12109",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "libxls", "product_name": "libxls",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.4 readxl package 1.0.0 for R (tested using Microsoft R 4.3.1)" "version_value": "1.4 readxl package 1.0.0 for R (tested using Microsoft R 4.3.1)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "libxls" "vendor_name": "libxls"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461" "lang": "eng",
} "value": "An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461"
}
]
}
}

130
2017/12xxx/CVE-2017-12263.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12263", "ID": "CVE-2017-12263",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco License Manager", "product_name": "Cisco License Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco License Manager" "version_value": "Cisco License Manager"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm" "lang": "eng",
}, "value": "A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. An exploit could allow the attacker to view application files that may contain sensitive information. Cisco Bug IDs: CSCvd83577."
{ }
"name" : "101169", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101169" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101169"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-clm"
}
]
}
}

34
2017/12xxx/CVE-2017-12395.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12395", "ID": "CVE-2017-12395",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/12xxx/CVE-2017-12786.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12786", "ID": "CVE-2017-12786",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42518", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42518/" "lang": "eng",
} "value": "Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42518",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42518/"
}
]
}
}

180
2017/12xxx/CVE-2017-12898.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12898", "ID": "CVE-2017-12898",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tcpdump.org/tcpdump-changes.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.tcpdump.org/tcpdump-changes.txt" "lang": "eng",
}, "value": "The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:interp_reply()."
{ }
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/19d25dd8781620cd41bf178a5e2e27fc1cf242d0", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/19d25dd8781620cd41bf178a5e2e27fc1cf242d0" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208221", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208221" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3971", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3971" ]
}, },
{ "references": {
"name" : "GLSA-201709-23", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201709-23" "name": "GLSA-201709-23",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201709-23"
"name" : "RHEA-2018:0705", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHEA-2018:0705" "name": "https://support.apple.com/HT208221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208221"
"name" : "1039307", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039307" "name": "DSA-3971",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3971"
} },
} {
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/19d25dd8781620cd41bf178a5e2e27fc1cf242d0",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/19d25dd8781620cd41bf178a5e2e27fc1cf242d0"
},
{
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}
}

180
2017/12xxx/CVE-2017-12988.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12988", "ID": "CVE-2017-12988",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tcpdump.org/tcpdump-changes.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.tcpdump.org/tcpdump-changes.txt" "lang": "eng",
}, "value": "The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse()."
{ }
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/8934a7d6307267d301182f19ed162563717e29e3", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/8934a7d6307267d301182f19ed162563717e29e3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208221", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208221" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3971", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3971" ]
}, },
{ "references": {
"name" : "GLSA-201709-23", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201709-23" "name": "GLSA-201709-23",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201709-23"
"name" : "RHEA-2018:0705", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHEA-2018:0705" "name": "https://support.apple.com/HT208221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208221"
"name" : "1039307", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039307" "name": "DSA-3971",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3971"
} },
} {
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/8934a7d6307267d301182f19ed162563717e29e3",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/8934a7d6307267d301182f19ed162563717e29e3"
},
{
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}
}

120
2017/13xxx/CVE-2017-13127.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13127", "ID": "CVE-2017-13127",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ibreakthings.com/2017/10/13/cve-2017-13127-security-teams-care/", "description_data": [
"refsource" : "MISC", {
"url" : "https://ibreakthings.com/2017/10/13/cve-2017-13127-security-teams-care/" "lang": "eng",
} "value": "The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ibreakthings.com/2017/10/13/cve-2017-13127-security-teams-care/",
"refsource": "MISC",
"url": "https://ibreakthings.com/2017/10/13/cve-2017-13127-security-teams-care/"
}
]
}
}

122
2017/16xxx/CVE-2017-16252.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-08-06T00:00:00", "DATE_PUBLIC": "2018-08-06T00:00:00",
"ID" : "CVE-2017-16252", "ID": "CVE-2017-16252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Insteon", "product_name": "Insteon",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Insteon Hub 2245-222 - Firmware version 1012" "version_value": "Insteon Hub 2245-222 - Firmware version 1012"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Talos" "vendor_name": "Talos"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large, sending anything longer will cause a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0483", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0483" "lang": "eng",
} "value": "Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability.At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large, sending anything longer will cause a buffer overflow."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0483",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0483"
}
]
}
}

34
2017/16xxx/CVE-2017-16476.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-16476", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-16476",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

130
2017/16xxx/CVE-2017-16582.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-16582", "ID": "CVE-2017-16582",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.3.2.25013" "version_value": "8.3.2.25013"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the clearItems XFA method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5288."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-893", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-893" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the clearItems XFA method. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5288."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-893",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-893"
}
]
}
}

120
2017/16xxx/CVE-2017-16604.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-16604", "ID": "CVE-2017-16604",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NetGain Systems Enterprise Manager", "product_name": "NetGain Systems Enterprise Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.2.730 build 1034" "version_value": "7.2.730 build 1034"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NetGain Systems" "vendor_name": "NetGain Systems"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.cnnic.asset.deviceReport.deviceReport_005fexport_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5195."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-969", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-969" "lang": "eng",
} "value": "This vulnerability allows remote attackers to overwrite arbitrary files on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the org.apache.jsp.u.jsp.cnnic.asset.deviceReport.deviceReport_005fexport_005fdo_jsp servlet, which listens on TCP port 8081 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to overwrite any files accessible to the Administrator. Was ZDI-CAN-5195."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-969",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-969"
}
]
}
}

130
2017/16xxx/CVE-2017-16787.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16787", "ID": "CVE-2017-16787",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43332", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43332/" "lang": "eng",
}, "value": "The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access."
{ }
"name" : "20171212 Meinberg LANTIME Web Configuration Utility - Failure to Restrict URL Access", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2017/Dec/33" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20171212 Meinberg LANTIME Web Configuration Utility - Failure to Restrict URL Access",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/33"
},
{
"name": "43332",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43332/"
}
]
}
}

34
2017/4xxx/CVE-2017-4147.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4147", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4147",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4152.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4152", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4152",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4620.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4620", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4620",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4862.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4862", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4862",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

190
2018/18xxx/CVE-2018-18584.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18584", "ID": "CVE-2018-18584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html" "lang": "eng",
}, "value": "In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write."
{ }
"name" : "https://bugs.debian.org/911640", ]
"refsource" : "MISC", },
"url" : "https://bugs.debian.org/911640" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.cabextract.org.uk/#changes", ]
"refsource" : "MISC", }
"url" : "https://www.cabextract.org.uk/#changes" ]
}, },
{ "references": {
"name" : "https://www.openwall.com/lists/oss-security/2018/10/22/1", "reference_data": [
"refsource" : "MISC", {
"url" : "https://www.openwall.com/lists/oss-security/2018/10/22/1" "name": "https://bugs.debian.org/911640",
}, "refsource": "MISC",
{ "url": "https://bugs.debian.org/911640"
"name" : "USN-3814-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3814-1/" "name": "https://www.cabextract.org.uk/#changes",
}, "refsource": "MISC",
{ "url": "https://www.cabextract.org.uk/#changes"
"name" : "USN-3814-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3814-2/" "name": "USN-3814-3",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3814-3/"
"name" : "USN-3814-3", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3814-3/" "name": "USN-3814-1",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3814-1/"
} },
} {
"name": "USN-3814-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3814-2/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2018/10/22/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2018/10/22/1"
},
{
"name": "[debian-lts-announce] 20181026 [SECURITY] [DLA 1555-1] libmspack security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00017.html"
},
{
"name": "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2",
"refsource": "MISC",
"url": "https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2"
}
]
}
}

120
2018/18xxx/CVE-2018-18740.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18740", "ID": "CVE-2018-18740",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss4", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss4" "lang": "eng",
} "value": "An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMS_Link.php?lgid=1 URI."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss4",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss4"
}
]
}
}

34
2018/18xxx/CVE-2018-18839.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18839", "ID": "CVE-2018-18839",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

146
2018/5xxx/CVE-2018-5506.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "f5sirt@f5.com", "ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC" : "2018-04-12T00:00:00", "DATE_PUBLIC": "2018-04-12T00:00:00",
"ID" : "CVE-2018-5506", "ID": "CVE-2018-5506",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "13.0.0" "version_value": "13.0.0"
}, },
{ {
"version_value" : "12.1.0-12.1.2" "version_value": "12.1.0-12.1.2"
}, },
{ {
"version_value" : "11.6.1" "version_value": "11.6.1"
}, },
{ {
"version_value" : "11.5.1-11.5.5" "version_value": "11.5.1-11.5.5"
}, },
{ {
"version_value" : "11.2.1" "version_value": "11.2.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "F5 Networks, Inc." "vendor_name": "F5 Networks, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.f5.com/csp/article/K65355492", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.f5.com/csp/article/K65355492" "lang": "eng",
} "value": "In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates used for mutual authentication between BIG-IQ or Enterprise Manager (EM) and managed BIG-IP devices."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K65355492",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K65355492"
}
]
}
}

160
2018/5xxx/CVE-2018-5999.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5999", "ID": "CVE-2018-5999",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43881", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43881/" "lang": "eng",
}, "value": "An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails."
{ }
"name" : "44176", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/44176/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blogs.securiteam.com/index.php/archives/3589", "description": [
"refsource" : "MISC", {
"url" : "https://blogs.securiteam.com/index.php/archives/3589" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt", ]
"refsource" : "MISC", }
"url" : "https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt" ]
}, },
{ "references": {
"name" : "https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb", "reference_data": [
"refsource" : "MISC", {
"url" : "https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb" "name": "https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt",
} "refsource": "MISC",
] "url": "https://github.com/pedrib/PoC/blob/master/advisories/asuswrt-lan-rce.txt"
} },
} {
"name": "44176",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44176/"
},
{
"name": "https://blogs.securiteam.com/index.php/archives/3589",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3589"
},
{
"name": "43881",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43881/"
},
{
"name": "https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/pedrib/PoC/master/exploits/metasploit/asuswrt_lan_rce.rb"
}
]
}
}