admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:08:51 +00:00
parent 5b9ac63f9d
commit 27c55be863
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3356 additions and 3356 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2002/0xxx/CVE-2002-0029.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0029", "ID": "CVE-2002-0029",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka \"LIBRESOLV: buffer overrun\" and a different vulnerability than CVE-2002-0684."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.isc.org/products/BIND/bind-security.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.isc.org/products/BIND/bind-security.html" "lang": "eng",
}, "value": "Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka \"LIBRESOLV: buffer overrun\" and a different vulnerability than CVE-2002-0684."
{ }
"name" : "CA-2002-31", ]
"refsource" : "CERT", },
"url" : "http://www.cert.org/advisories/CA-2002-31.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#844360", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/844360" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2002-11-21", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html" ]
}, },
{ "references": {
"name" : "NetBSD-SA2002-028", "reference_data": [
"refsource" : "NETBSD", {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc" "name": "bind-dns-libresolv-bo(10624)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/10624.php"
"name" : "20021201-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P" "name": "NetBSD-SA2002-028",
}, "refsource": "NETBSD",
{ "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc"
"name" : "bind-dns-libresolv-bo(10624)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10624.php" "name": "CA-2002-31",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2002-31.html"
"name" : "6186", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6186" "name": "6186",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/6186"
} },
} {
"name": "VU#844360",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/844360"
},
{
"name": "http://www.isc.org/products/BIND/bind-security.html",
"refsource": "CONFIRM",
"url": "http://www.isc.org/products/BIND/bind-security.html"
},
{
"name": "2002-11-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "20021201-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
}
]
}
}

130
2002/0xxx/CVE-2002-0293.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0293", "ID": "CVE-2002-0293",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FTP service in Alcatel OmniPCX 4400 allows the \"halt\" user to gain root privileges by modifying root's .profile file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020219 Security BugWare : Alcatel 4400 PBX hack", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101413767925869&w=2" "lang": "eng",
}, "value": "FTP service in Alcatel OmniPCX 4400 allows the \"halt\" user to gain root privileges by modifying root's .profile file."
{ }
"name" : "omnipcx-ftp-root-access(8225)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8225" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020219 Security BugWare : Alcatel 4400 PBX hack",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101413767925869&w=2"
},
{
"name": "omnipcx-ftp-root-access(8225)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8225"
}
]
}
}

450
2002/0xxx/CVE-2002-0392.json
View File

@ -1,227 +1,227 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0392", "ID": "CVE-2002-0392",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://httpd.apache.org/info/security_bulletin_20020617.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://httpd.apache.org/info/security_bulletin_20020617.txt" "lang": "eng",
}, "value": "Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size."
{ }
"name" : "20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known", ]
"refsource" : "BUGTRAQ", },
"url" : "http://online.securityfocus.com/archive/1/278149" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CA-2002-17", "description": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2002-17.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBMA02149", ]
"refsource" : "HP", }
"url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475" ]
}, },
{ "references": {
"name" : "SSRT050968", "reference_data": [
"refsource" : "HP", {
"url" : "http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475" "name": "20020605-01-I",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I"
"name" : "20020605-01-A", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A" "name": "RHSA-2002:150",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2002-150.html"
"name" : "20020605-01-I", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I" "name": "CSSA-2002-SCO.32",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32"
"name" : "RHSA-2002:103", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2002-103.html" "name": "CA-2002-17",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2002-17.html"
"name" : "RHSA-2002:126", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-126.html" "name": "RHSA-2002:118",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2002-118.html"
"name" : "RHSA-2002:150", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-150.html" "name": "RHSA-2003:106",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
"name" : "RHSA-2003:106", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-106.html" "name": "20005",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/20005"
"name" : "MDKSA-2002:039", },
"refsource" : "MANDRAKE", {
"url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039" "name": "DSA-133",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-133"
"name" : "CSSA-2002-029.0", },
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt" "name": "SSRT050968",
}, "refsource": "HP",
{ "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475"
"name" : "CSSA-2002-SCO.31", },
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31" "name": "CSSA-2002-029.0",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt"
"name" : "CSSA-2002-SCO.32", },
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32" "name": "CSSA-2002-SCO.31",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31"
"name" : "CLSA-2002:498", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498" "name": "ESA-20020619-014",
}, "refsource": "ENGARDE",
{ "url": "http://www.linuxsecurity.com/advisories/other_advisory-2137.html"
"name" : "DSA-131", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-131" "name": "http://httpd.apache.org/info/security_bulletin_20020617.txt",
}, "refsource": "CONFIRM",
{ "url": "http://httpd.apache.org/info/security_bulletin_20020617.txt"
"name" : "DSA-132", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-132" "name": "SuSE-SA:2002:022",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2002_22_apache.html"
"name" : "DSA-133", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-133" "name": "HPSBMA02149",
}, "refsource": "HP",
{ "url": "http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475"
"name" : "ESA-20020619-014", },
"refsource" : "ENGARDE", {
"url" : "http://www.linuxsecurity.com/advisories/other_advisory-2137.html" "name": "VU#944335",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/944335"
"name" : "RHSA-2002:118", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2002-118.html" "name": "DSA-132",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-132"
"name" : "RHSA-2002:117", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2002-117.html" "name": "HPSBTL0206-049",
}, "refsource": "HP",
{ "url": "http://online.securityfocus.com/advisories/4240"
"name" : "20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache)", },
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html" "name": "20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache)",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html"
"name" : "20020621 [slackware-security] new apache/mod_ssl packages available", },
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html" "name": "HPSBUX0207-197",
}, "refsource": "HP",
{ "url": "http://online.securityfocus.com/advisories/4257"
"name" : "SuSE-SA:2002:022", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2002_22_apache.html" "name": "838",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/838"
"name" : "VU#944335", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/944335" "name": "DSA-131",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-131"
"name" : "HPSBTL0206-049", },
"refsource" : "HP", {
"url" : "http://online.securityfocus.com/advisories/4240" "name": "CLSA-2002:498",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498"
"name" : "HPSBUX0207-197", },
"refsource" : "HP", {
"url" : "http://online.securityfocus.com/advisories/4257" "name": "20020605-01-A",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A"
"name" : "5033", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5033" "name": "20020621 [slackware-security] new apache/mod_ssl packages available",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html"
"name" : "20005", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20005" "name": "20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known",
}, "refsource": "BUGTRAQ",
{ "url": "http://online.securityfocus.com/archive/1/278149"
"name" : "ADV-2006-3598", },
"refsource" : "FRSIRT", {
"url" : "http://www.frsirt.com/english/advisories/2006/3598" "name": "MDKSA-2002:039",
}, "refsource": "MANDRAKE",
{ "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039"
"name" : "838", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/838" "name": "apache-chunked-encoding-bo(9249)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/9249.php"
"name" : "21917", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21917" "name": "RHSA-2002:126",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2002-126.html"
"name" : "apache-chunked-encoding-bo(9249)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9249.php" "name": "RHSA-2002:103",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2002-103.html"
} },
} {
"name": "ADV-2006-3598",
"refsource": "FRSIRT",
"url": "http://www.frsirt.com/english/advisories/2006/3598"
},
{
"name": "5033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5033"
},
{
"name": "RHSA-2002:117",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-117.html"
},
{
"name": "21917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21917"
}
]
}
}

140
2002/1xxx/CVE-2002-1124.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1124", "ID": "CVE-2002-1124",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in purity 1-16 allow local users to gain privileges and modify high scores tables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-166", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-166" "lang": "eng",
}, "value": "Multiple buffer overflows in purity 1-16 allow local users to gain privileges and modify high scores tables."
{ }
"name" : "linux-purity-bo(10100)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/10100.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5702", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5702" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "DSA-166",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-166"
},
{
"name": "5702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5702"
},
{
"name": "linux-purity-bo(10100)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10100.php"
}
]
}
}

160
2002/1xxx/CVE-2002-1152.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1152", "ID": "CVE-2002-1152",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Konqueror in KDE 3.0 through 3.0.2 does not properly detect the \"secure\" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020910 KDE Security Advisory: Secure Cookie Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103175827225044&w=2" "lang": "eng",
}, "value": "Konqueror in KDE 3.0 through 3.0.2 does not properly detect the \"secure\" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing."
{ }
"name" : "http://www.kde.org/info/security/advisory-20020908-1.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.kde.org/info/security/advisory-20020908-1.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2002:220", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-220.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "kde-konqueror-cookie-hijacking(10083)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/10083.php" ]
}, },
{ "references": {
"name" : "5691", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5691" "name": "RHSA-2002:220",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2002-220.html"
} },
} {
"name": "http://www.kde.org/info/security/advisory-20020908-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20020908-1.txt"
},
{
"name": "5691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5691"
},
{
"name": "20020910 KDE Security Advisory: Secure Cookie Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103175827225044&w=2"
},
{
"name": "kde-konqueror-cookie-hijacking(10083)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10083.php"
}
]
}
}

150
2002/1xxx/CVE-2002-1479.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1479", "ID": "CVE-2002-1479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020903 Cacti security issues", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html" "lang": "eng",
}, "value": "Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges."
{ }
"name" : "http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt", ]
"refsource" : "MISC", },
"url" : "http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "cacti-config-world-readable(10049)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10049.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5628", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/5628" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20020903 Cacti security issues",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html"
},
{
"name": "cacti-config-world-readable(10049)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10049.php"
},
{
"name": "http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt",
"refsource": "MISC",
"url": "http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt"
},
{
"name": "5628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5628"
}
]
}
}

140
2002/2xxx/CVE-2002-2310.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2310", "ID": "CVE-2002-2310",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securiteam.com/securitynews/5DP0T0K7PY.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securiteam.com/securitynews/5DP0T0K7PY.html" "lang": "eng",
}, "value": "ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords."
{ }
"name" : "1004825", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1004825" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "clickcartpro-unauth-database-access-access(9648)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9648.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "clickcartpro-unauth-database-access-access(9648)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9648.php"
},
{
"name": "1004825",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1004825"
},
{
"name": "http://www.securiteam.com/securitynews/5DP0T0K7PY.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securitynews/5DP0T0K7PY.html"
}
]
}
}

140
2002/2xxx/CVE-2002-2357.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2357", "ID": "CVE-2002-2357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021117 MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) bufferoverflow-", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0236.html" "lang": "eng",
}, "value": "MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow."
{ }
"name" : "6197", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6197" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "mailenable-pop3-server-dos(10652)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10652.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "6197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6197"
},
{
"name": "mailenable-pop3-server-dos(10652)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10652.php"
},
{
"name": "20021117 MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) bufferoverflow-",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0236.html"
}
]
}
}

160
2002/2xxx/CVE-2002-2446.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2446", "ID": "CVE-2002-2446",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/" "lang": "eng",
}, "value": "GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors."
{ }
"name" : "https://twitter.com/digitalbond/status/619250429751222277", ]
"refsource" : "MISC", },
"url" : "https://twitter.com/digitalbond/status/619250429751222277" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "description": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1", ]
"refsource" : "CONFIRM", }
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1" ]
}, },
{ "references": {
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4" "name": "http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1",
} "refsource": "CONFIRM",
] "url": "http://apps.gehealthcare.com/servlet/ClientServlet/2338955-100.pdf?REQ=RAA&DIRECTION=2338955-100&FILENAME=2338955-100.pdf&FILEREV=1&DOCREV_ORG=1"
} },
} {
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/2354459-100.pdf?REQ=RAA&DIRECTION=2354459-100&FILENAME=2354459-100.pdf&FILEREV=4&DOCREV_ORG=4"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
}
]
}
}

140
2005/1xxx/CVE-2005-1238.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1238", "ID": "CVE-2005-1238",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050420 Canonicalization and directory traversal in iSeries FTP security products", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/396628" "lang": "eng",
}, "value": "By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request."
{ }
"name" : "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "multiple-vendor-security-bypass(20260)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20260" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20050420 Canonicalization and directory traversal in iSeries FTP security products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/396628"
},
{
"name": "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf",
"refsource": "MISC",
"url": "http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security.pdf"
},
{
"name": "multiple-vendor-security-bypass(20260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20260"
}
]
}
}

140
2012/0xxx/CVE-2012-0675.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-0675", "ID": "CVE-2012-0675",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5281", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5281" "lang": "eng",
}, "value": "Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume."
{ }
"name" : "APPLE-SA-2012-05-09-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53445", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53445" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "53445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53445"
},
{
"name": "http://support.apple.com/kb/HT5281",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5281"
},
{
"name": "APPLE-SA-2012-05-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
}
]
}
}

34
2012/1xxx/CVE-2012-1170.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1170", "ID": "CVE-2012-1170",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/3xxx/CVE-2012-3081.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3081", "ID": "CVE-2012-3081",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2012/3xxx/CVE-2012-3476.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3476", "ID": "CVE-2012-3476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120809 Re: CVE request for Ushahidi", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2012/08/09/5" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name."
{ }
"name" : "https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f"
}
]
}
}

210
2012/3xxx/CVE-2012-3624.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3624", "ID": "CVE-2012-3624",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5485", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5485" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
{ }
"name" : "http://support.apple.com/kb/HT5502", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5502" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5503", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2012-09-12-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-09-19-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "APPLE-SA-2012-09-19-3",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
"name" : "APPLE-SA-2012-09-19-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "55534", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55534" "name": "APPLE-SA-2012-09-19-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
"name" : "85398", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/85398" "name": "http://support.apple.com/kb/HT5503",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5503"
"name" : "oval:org.mitre.oval:def:16588", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16588" "name": "oval:org.mitre.oval:def:16588",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16588"
"name" : "apple-itunes-webkit-cve20123624(78545)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78545" "name": "apple-itunes-webkit-cve20123624(78545)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78545"
} },
} {
"name": "http://support.apple.com/kb/HT5502",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5502"
},
{
"name": "55534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55534"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "85398",
"refsource": "OSVDB",
"url": "http://osvdb.org/85398"
}
]
}
}

180
2012/3xxx/CVE-2012-3996.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3996", "ID": "CVE-2012-3996",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 \"unserialize()\" PHP Code Execution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html" "lang": "eng",
}, "value": "TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php."
{ }
"name" : "19573", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/19573" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19630", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/19630" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://dev.tiki.org/item4109", ]
"refsource" : "MISC", }
"url" : "http://dev.tiki.org/item4109" ]
}, },
{ "references": {
"name" : "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS", "reference_data": [
"refsource" : "MISC", {
"url" : "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS" "name": "19630",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/19630"
"name" : "http://info.tiki.org/article191-Tiki-Releases-8-4", },
"refsource" : "MISC", {
"url" : "http://info.tiki.org/article191-Tiki-Releases-8-4" "name": "19573",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/19573"
"name" : "83533", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/83533" "name": "83533",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/83533"
} },
} {
"name": "http://info.tiki.org/article191-Tiki-Releases-8-4",
"refsource": "MISC",
"url": "http://info.tiki.org/article191-Tiki-Releases-8-4"
},
{
"name": "20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 \"unserialize()\" PHP Code Execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html"
},
{
"name": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS",
"refsource": "MISC",
"url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS"
},
{
"name": "http://dev.tiki.org/item4109",
"refsource": "MISC",
"url": "http://dev.tiki.org/item4109"
}
]
}
}

260
2012/4xxx/CVE-2012-4233.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4233", "ID": "CVE-2012-4233",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121102 Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/02/2" "lang": "eng",
}, "value": "LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll."
{ }
"name" : "https://www.htbridge.com/advisory/HTB23106", ]
"refsource" : "MISC", },
"url" : "https://www.htbridge.com/advisory/HTB23106" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://cgit.freedesktop.org/libreoffice/binfilter/commit/?h=libreoffice-3-5-7&id=7e22ee55ffc9743692f3ddb93e59dd4427029c5b", "description": [
"refsource" : "CONFIRM", {
"url" : "http://cgit.freedesktop.org/libreoffice/binfilter/commit/?h=libreoffice-3-5-7&id=7e22ee55ffc9743692f3ddb93e59dd4427029c5b" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=44bc6b5cac723b52df40fbef026e99b7119d8a69", ]
"refsource" : "CONFIRM", }
"url" : "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=44bc6b5cac723b52df40fbef026e99b7119d8a69" ]
}, },
{ "references": {
"name" : "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=6789ec4c1a9c6af84bd62e650a03226a46365d97", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=6789ec4c1a9c6af84bd62e650a03226a46365d97" "name": "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=44bc6b5cac723b52df40fbef026e99b7119d8a69",
}, "refsource": "CONFIRM",
{ "url": "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=44bc6b5cac723b52df40fbef026e99b7119d8a69"
"name" : "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7", },
"refsource" : "CONFIRM", {
"url" : "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7" "name": "libreoffice-svxcorelo-dos(79730)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79730"
"name" : "http://www.libreoffice.org/advisories/cve-2012-4233/", },
"refsource" : "CONFIRM", {
"url" : "http://www.libreoffice.org/advisories/cve-2012-4233/" "name": "openSUSE-SU-2012:1686",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00075.html"
"name" : "DSA-2570", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2570" "name": "libreoffice-ppt-file-dos(79731)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79731"
"name" : "openSUSE-SU-2012:1523", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00039.html" "name": "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=6789ec4c1a9c6af84bd62e650a03226a46365d97",
}, "refsource": "CONFIRM",
{ "url": "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=6789ec4c1a9c6af84bd62e650a03226a46365d97"
"name" : "openSUSE-SU-2012:1686", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00075.html" "name": "[oss-security] 20121102 Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/11/02/2"
"name" : "56352", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56352" "name": "http://cgit.freedesktop.org/libreoffice/binfilter/commit/?h=libreoffice-3-5-7&id=7e22ee55ffc9743692f3ddb93e59dd4427029c5b",
}, "refsource": "CONFIRM",
{ "url": "http://cgit.freedesktop.org/libreoffice/binfilter/commit/?h=libreoffice-3-5-7&id=7e22ee55ffc9743692f3ddb93e59dd4427029c5b"
"name" : "libreoffice-odt-dos(79728)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79728" "name": "libreoffice-odt-dos(79728)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79728"
"name" : "libreoffice-ppt-file-dos(79731)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79731" "name": "http://www.libreoffice.org/advisories/cve-2012-4233/",
}, "refsource": "CONFIRM",
{ "url": "http://www.libreoffice.org/advisories/cve-2012-4233/"
"name" : "libreoffice-svxcorelo-dos(79730)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79730" "name": "libreoffice-xls-dos(79732)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79732"
"name" : "libreoffice-xls-dos(79732)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79732" "name": "56352",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/56352"
} },
} {
"name": "DSA-2570",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2570"
},
{
"name": "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7"
},
{
"name": "openSUSE-SU-2012:1523",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00039.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23106",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23106"
}
]
}
}

130
2012/4xxx/CVE-2012-4701.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2012-4701", "ID": "CVE-2012-4701",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf" "lang": "eng",
}, "value": "Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature."
{ }
"name" : "https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013", ]
"refsource" : "CONFIRM", },
"url" : "https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-045-01.pdf"
},
{
"name": "https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013",
"refsource": "CONFIRM",
"url": "https://www.niagara-central.com/ord?portal:/dev/wiki/Niagara_AX_Security_Patch_11-Feb-2013"
}
]
}
}

200
2012/4xxx/CVE-2012-4889.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4889", "ID": "CVE-2012-4889",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/111474/VL-437.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/111474/VL-437.txt" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do."
{ }
"name" : "http://www.vulnerability-lab.com/get_content.php?id=437", ]
"refsource" : "MISC", },
"url" : "http://www.vulnerability-lab.com/get_content.php?id=437" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52841", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52841" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "80872", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/80872" ]
}, },
{ "references": {
"name" : "80873", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80873" "name": "firewallanalyzer-multiple-xss(74538)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74538"
"name" : "80874", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80874" "name": "48657",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48657"
"name" : "80875", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80875" "name": "80874",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/80874"
"name" : "48657", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48657" "name": "80875",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/80875"
"name" : "firewallanalyzer-multiple-xss(74538)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74538" "name": "52841",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/52841"
} },
} {
"name": "http://www.vulnerability-lab.com/get_content.php?id=437",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=437"
},
{
"name": "http://packetstormsecurity.org/files/111474/VL-437.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111474/VL-437.txt"
},
{
"name": "80873",
"refsource": "OSVDB",
"url": "http://osvdb.org/80873"
},
{
"name": "80872",
"refsource": "OSVDB",
"url": "http://osvdb.org/80872"
}
]
}
}

130
2012/4xxx/CVE-2012-4945.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-4945", "ID": "CVE-2012-4945",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary commands via unspecified vectors, related to a \"command injection\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#427547", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/427547" "lang": "eng",
}, "value": "Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary commands via unspecified vectors, related to a \"command injection\" issue."
{ }
"name" : "56427", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/56427" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#427547",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/427547"
},
{
"name": "56427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56427"
}
]
}
}

140
2012/4xxx/CVE-2012-4948.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-4948", "ID": "CVE-2012-4948",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#111708", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/111708" "lang": "eng",
}, "value": "The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities."
{ }
"name" : "56382", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/56382" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "87048", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/87048" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "VU#111708",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/111708"
},
{
"name": "56382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56382"
},
{
"name": "87048",
"refsource": "OSVDB",
"url": "http://osvdb.org/87048"
}
]
}
}

120
2012/6xxx/CVE-2012-6585.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6585", "ID": "CVE-2012-6585",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "22713", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/22713/" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22713",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/22713/"
}
]
}
}

160
2012/6xxx/CVE-2012-6632.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6632", "ID": "CVE-2012-6632",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) file title to accounts/admin/index.php or (3) comment parameter in the support page to accounts/index2.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/112655/NetBill-Billing-System-1.2-CSRF-XSS.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/112655/NetBill-Billing-System-1.2-CSRF-XSS.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) file title to accounts/admin/index.php or (3) comment parameter in the support page to accounts/index2.php."
{ }
"name" : "http://www.vulnerability-lab.com/get_content.php?id=560", ]
"refsource" : "MISC", },
"url" : "http://www.vulnerability-lab.com/get_content.php?id=560" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "81880", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/81880" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49109", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/49109" ]
}, },
{ "references": {
"name" : "netbill-index-xss(75538)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75538" "name": "49109",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/49109"
} },
} {
"name": "81880",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81880"
},
{
"name": "netbill-index-xss(75538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75538"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=560",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=560"
},
{
"name": "http://packetstormsecurity.org/files/112655/NetBill-Billing-System-1.2-CSRF-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112655/NetBill-Billing-System-1.2-CSRF-XSS.html"
}
]
}
}

130
2017/2xxx/CVE-2017-2097.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2097", "ID": "CVE-2017-2097",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Knowledge", "product_name": "Knowledge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "versions prior to v1.7.0" "version_value": "versions prior to v1.7.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "support-project.org" "vendor_name": "support-project.org"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#09460804", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN09460804/index.html" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
{ }
"name" : "95779", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95779" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#09460804",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN09460804/index.html"
},
{
"name": "95779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95779"
}
]
}
}

130
2017/2xxx/CVE-2017-2244.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2244", "ID": "CVE-2017-2244",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MFC-J960DWN", "product_name": "MFC-J960DWN",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware ver.D and earlier" "version_value": "firmware ver.D and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "BROTHER INDUSTRIES, LTD." "vendor_name": "BROTHER INDUSTRIES, LTD."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.brother.co.jp/j/s/support/vul_info/JVN95996423/index.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.brother.co.jp/j/s/support/vul_info/JVN95996423/index.html" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmware ver.D and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors."
{ }
"name" : "JVN#95996423", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN95996423/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.brother.co.jp/j/s/support/vul_info/JVN95996423/index.html",
"refsource": "CONFIRM",
"url": "http://support.brother.co.jp/j/s/support/vul_info/JVN95996423/index.html"
},
{
"name": "JVN#95996423",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN95996423/index.html"
}
]
}
}

130
2017/2xxx/CVE-2017-2320.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"ID" : "CVE-2017-2320", "ID": "CVE-2017-2320",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NorthStar Controller Application", "product_name": "NorthStar Controller Application",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to version 2.1.0 Service Pack 1" "version_value": "prior to version 2.1.0 Service Pack 1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "vulnerability that may allow complete compromise the system's confidentiality or integrity or cause a complete denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.juniper.net/JSA10783", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.juniper.net/JSA10783" "lang": "eng",
}, "value": "A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials of services leading to targeted information disclosure, modification of any component of the NorthStar system, including managed systems, and full denial of services to any systems under management which NorthStar interacts with using read-only or read-write credentials."
{ }
"name" : "97687", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97687" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "vulnerability that may allow complete compromise the system's confidentiality or integrity or cause a complete denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97687"
}
]
}
}

170
2017/2xxx/CVE-2017-2441.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2441", "ID": "CVE-2017-2441",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"libc++abi\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207601", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207601" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"libc++abi\" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted C++ app that is mishandled during demangling."
{ }
"name" : "https://support.apple.com/HT207602", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207602" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207615", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207615" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207617", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207617" ]
}, },
{ "references": {
"name" : "97137", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97137" "name": "97137",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/97137"
"name" : "1038138", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038138" "name": "https://support.apple.com/HT207601",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT207601"
} },
} {
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207602",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207602"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

152
2017/2xxx/CVE-2017-2885.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-08-10T00:00:00", "DATE_PUBLIC": "2017-08-10T00:00:00",
"ID" : "CVE-2017-2885", "ID": "CVE-2017-2885",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "libsoup", "product_name": "libsoup",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.58" "version_value": "2.58"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "GNOME" "vendor_name": "GNOME"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392" "lang": "eng",
}, "value": "An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability."
{ }
"name" : "DSA-3929", ]
"refsource" : "DEBIAN", },
"url" : "https://www.debian.org/security/2017/dsa-3929" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:2459", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2459" "lang": "eng",
}, "value": "buffer overflow"
{ }
"name" : "100258", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/100258" ]
} },
] "references": {
} "reference_data": [
} {
"name": "RHSA-2017:2459",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2459"
},
{
"name": "DSA-3929",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3929"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392"
},
{
"name": "100258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100258"
}
]
}
}

140
2017/2xxx/CVE-2017-2983.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-2983", "ID": "CVE-2017-2983",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Shockwave 12.2.7.197 and earlier.", "product_name": "Adobe Shockwave 12.2.7.197 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Shockwave 12.2.7.197 and earlier." "version_value": "Adobe Shockwave 12.2.7.197 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Library Loading (DLL hijacking)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html" "lang": "eng",
}, "value": "Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege."
{ }
"name" : "96863", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96863" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037993", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037993" "lang": "eng",
} "value": "Insecure Library Loading (DLL hijacking)"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/shockwave/apsb17-08.html"
},
{
"name": "96863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96863"
},
{
"name": "1037993",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037993"
}
]
}
}

120
2017/6xxx/CVE-2017-6485.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6485", "ID": "CVE-2017-6485",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the \"php-calendar-master/error.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/jasonjoh/php-calendar/issues/4", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/jasonjoh/php-calendar/issues/4" "lang": "eng",
} "value": "A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the \"php-calendar-master/error.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jasonjoh/php-calendar/issues/4",
"refsource": "CONFIRM",
"url": "https://github.com/jasonjoh/php-calendar/issues/4"
}
]
}
}

130
2017/6xxx/CVE-2017-6657.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6657", "ID": "CVE-2017-6657",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snort 3.0 All versions prior to build 233.", "product_name": "Snort 3.0 All versions prior to build 233.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Snort 3.0 All versions prior to build 233." "version_value": "Snort 3.0 All versions prior to build 233."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "input validation error"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html" "lang": "eng",
}, "value": "Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Validation. Since valid ether type and IP protocol numbers do not overlap, Snort++ stores all protocol decoders in a single array. That makes it possible to craft packets that have IP protocol numbers in the ether type field which will confuse the Snort++ decoder. For example, an eth:llc:snap:icmp6 packet will cause a crash because there is no ip6 header with which to calculate the icmp6 checksum. Affected decoders include gre, llc, trans_bridge, ciscometadata, linux_sll, and token_ring. The fix adds a check in the packet manager to validate the ether type before indexing the decoder array. An out of range ether type will raise 116:473."
{ }
"name" : "1038483", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1038483" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "input validation error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038483",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038483"
},
{
"name": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html",
"refsource": "CONFIRM",
"url": "http://blog.snort.org/2017/05/snort-vulnerabilities-found.html"
}
]
}
}

34
2017/6xxx/CVE-2017-6938.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6938", "ID": "CVE-2017-6938",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/6xxx/CVE-2017-6949.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6949", "ID": "CVE-2017-6949",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html" "lang": "eng",
}, "value": "An issue was discovered in CHICKEN Scheme through 4.12.0. When using a nonstandard CHICKEN-specific extension to allocate an SRFI-4 vector in unmanaged memory, the vector size would be used in unsanitised form as an argument to malloc(). With an unexpected size, the impact may have been a segfault or buffer overflow."
{ }
"name" : "97317", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97317" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97317"
},
{
"name": "http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html",
"refsource": "CONFIRM",
"url": "http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html"
}
]
}
}

140
2017/7xxx/CVE-2017-7032.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7032", "ID": "CVE-2017-7032",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"kext tools\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207922", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207922" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"kext tools\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
{ }
"name" : "99882", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99882" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038951", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038951" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038951"
},
{
"name": "99882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99882"
},
{
"name": "https://support.apple.com/HT207922",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207922"
}
]
}
}

132
2017/7xxx/CVE-2017-7688.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2017-07-13T00:00:00", "DATE_PUBLIC": "2017-07-13T00:00:00",
"ID" : "CVE-2017-7688", "ID": "CVE-2017-7688",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache OpenMeetings", "product_name": "Apache OpenMeetings",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.0.0" "version_value": "1.0.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache OpenMeetings 1.0.0 updates user password in insecure manner."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Password Update"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[user] 20170713 CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update", "description_data": [
"refsource" : "MLIST", {
"url" : "http://markmail.org/message/ctsiiqtekzsun6fi" "lang": "eng",
}, "value": "Apache OpenMeetings 1.0.0 updates user password in insecure manner."
{ }
"name" : "99586", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99586" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Insecure Password Update"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[user] 20170713 CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update",
"refsource": "MLIST",
"url": "http://markmail.org/message/ctsiiqtekzsun6fi"
},
{
"name": "99586",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99586"
}
]
}
}

132
2017/7xxx/CVE-2017-7973.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2017-06-28T00:00:00", "DATE_PUBLIC": "2017-06-28T00:00:00",
"ID" : "CVE-2017-7973", "ID": "CVE-2017-7973",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "U.Motion", "product_name": "U.Motion",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "U.motion Builder Versions 1.2.1 and prior." "version_value": "U.motion Builder Versions 1.2.1 and prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/" "lang": "eng",
}, "value": "A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database."
{ }
"name" : "99344", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99344" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/"
},
{
"name": "99344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99344"
}
]
}
}

34
2018/10xxx/CVE-2018-10807.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10807", "ID": "CVE-2018-10807",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/14xxx/CVE-2018-14335.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14335", "ID": "CVE-2018-14335",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45105", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45105/" "lang": "eng",
}, "value": "An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file."
{ }
"name" : "https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20", ]
"refsource" : "MISC", },
"url" : "https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45105",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45105/"
},
{
"name": "https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20",
"refsource": "MISC",
"url": "https://gist.github.com/owodelta/9714faf9a86435cef5a99d4930eaee20"
}
]
}
}

120
2018/14xxx/CVE-2018-14517.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14517", "ID": "CVE-2018-14517",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/SecWiki/CMS-Hunter/blob/master/seacms/seacms6.61/seacms661.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/SecWiki/CMS-Hunter/blob/master/seacms/seacms6.61/seacms661.md" "lang": "eng",
} "value": "SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SecWiki/CMS-Hunter/blob/master/seacms/seacms6.61/seacms661.md",
"refsource": "MISC",
"url": "https://github.com/SecWiki/CMS-Hunter/blob/master/seacms/seacms6.61/seacms661.md"
}
]
}
}

130
2018/14xxx/CVE-2018-14605.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14605", "ID": "CVE-2018-14605",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/", "description_data": [
"refsource" : "MISC", {
"url" : "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/" "lang": "eng",
}, "value": "An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit."
{ }
"name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/47793", ]
"refsource" : "CONFIRM", },
"url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/47793" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/47793",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/47793"
},
{
"name": "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/",
"refsource": "MISC",
"url": "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/"
}
]
}
}

120
2018/14xxx/CVE-2018-14959.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14959", "ID": "CVE-2018-14959",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/alterebro/WeaselCMS/issues/6", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/alterebro/WeaselCMS/issues/6" "lang": "eng",
} "value": "An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/alterebro/WeaselCMS/issues/6",
"refsource": "MISC",
"url": "https://github.com/alterebro/WeaselCMS/issues/6"
}
]
}
}

130
2018/14xxx/CVE-2018-14985.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14985", "ID": "CVE-2018-14985",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-android.20170630.092853) that contains an exported broadcast receiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" "lang": "eng",
}, "value": "The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.android.settings (versionCode=23, versionName=6.0-android.20170630.092853) that contains an exported broadcast receiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app."
{ }
"name" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", ]
"refsource" : "MISC", },
"url" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf",
"refsource": "MISC",
"url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf"
},
{
"name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/",
"refsource": "MISC",
"url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/"
}
]
}
}

34
2018/15xxx/CVE-2018-15255.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15255", "ID": "CVE-2018-15255",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15288.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15288", "ID": "CVE-2018-15288",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/15xxx/CVE-2018-15479.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15479", "ID": "CVE-2018-15479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt" "lang": "eng",
} "value": "An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. Devices did not authenticate themselves to the cloud in device to cloud communication. This lack of device authentication allowed an attacker to impersonate any device by guessing or learning their MAC address."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt",
"refsource": "MISC",
"url": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt"
}
]
}
}

34
2018/15xxx/CVE-2018-15840.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15840", "ID": "CVE-2018-15840",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/15xxx/CVE-2018-15888.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15888", "ID": "CVE-2018-15888",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://wooyun.org/bugs/wooyun-2015-091831", "description_data": [
"refsource" : "MISC", {
"url" : "http://wooyun.org/bugs/wooyun-2015-091831" "lang": "eng",
}, "value": "An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly."
{ }
"name" : "https://www.seebug.org/vuldb/ssvid-96205", ]
"refsource" : "MISC", },
"url" : "https://www.seebug.org/vuldb/ssvid-96205" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wooyun.org/bugs/wooyun-2015-091831",
"refsource": "MISC",
"url": "http://wooyun.org/bugs/wooyun-2015-091831"
},
{
"name": "https://www.seebug.org/vuldb/ssvid-96205",
"refsource": "MISC",
"url": "https://www.seebug.org/vuldb/ssvid-96205"
}
]
}
}

34
2018/20xxx/CVE-2018-20048.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20048", "ID": "CVE-2018-20048",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20243.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20243", "ID": "CVE-2018-20243",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20315.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20315", "ID": "CVE-2018-20315",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/9xxx/CVE-2018-9098.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9098", "ID": "CVE-2018-9098",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/9xxx/CVE-2018-9307.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9307", "ID": "CVE-2018-9307",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/xuheunbaicai/cangku/blob/master/cve/%E9%AD%94%E6%96%B9%E5%8A%A8%E5%8A%9B_Latest%20version_bug.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/xuheunbaicai/cangku/blob/master/cve/%E9%AD%94%E6%96%B9%E5%8A%A8%E5%8A%9B_Latest%20version_bug.md" "lang": "eng",
} "value": "dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xuheunbaicai/cangku/blob/master/cve/%E9%AD%94%E6%96%B9%E5%8A%A8%E5%8A%9B_Latest%20version_bug.md",
"refsource": "MISC",
"url": "https://github.com/xuheunbaicai/cangku/blob/master/cve/%E9%AD%94%E6%96%B9%E5%8A%A8%E5%8A%9B_Latest%20version_bug.md"
}
]
}
}

34
2018/9xxx/CVE-2018-9319.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-9319", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-9319",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9318. Reason: This candidate is a reservation duplicate of CVE-2018-9318. Notes: All CVE users should reference CVE-2018-9318 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9318. Reason: This candidate is a reservation duplicate of CVE-2018-9318. Notes: All CVE users should reference CVE-2018-9318 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

34
2018/9xxx/CVE-2018-9443.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9443", "ID": "CVE-2018-9443",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/9xxx/CVE-2018-9884.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9884", "ID": "CVE-2018-9884",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }