admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:47:15 +00:00
parent 7cabe8712c
commit 2d993f26f7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3713 additions and 3713 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2002/0xxx/CVE-2002-0329.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0329", "ID": "CVE-2002-0329",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020227 RE: Open Bulletin Board javascript bug.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101485184605149&w=2" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag."
{ }
"name" : "20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://online.securityfocus.com/archive/1/258981" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660", "description": [
"refsource" : "CONFIRM", {
"url" : "http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#132011", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/132011" ]
}, },
{ "references": {
"name" : "4192", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4192" "name": "http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660",
}, "refsource": "CONFIRM",
{ "url": "http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660"
"name" : "snitz-img-css(8309)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8309.php" "name": "20020227 RE: Open Bulletin Board javascript bug.",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=101485184605149&w=2"
} },
} {
"name": "VU#132011",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/132011"
},
{
"name": "4192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4192"
},
{
"name": "20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/258981"
},
{
"name": "snitz-img-css(8309)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8309.php"
}
]
}
}

140
2002/0xxx/CVE-2002-0475.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0475", "ID": "CVE-2002-0475",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securiteam.com/unixfocus/6W00Q202UM.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securiteam.com/unixfocus/6W00Q202UM.html" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message."
{ }
"name" : "phpbb-cross-site-scripting(7459)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/7459.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4379", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4379" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/unixfocus/6W00Q202UM.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/6W00Q202UM.html"
},
{
"name": "phpbb-cross-site-scripting(7459)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7459.php"
},
{
"name": "4379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4379"
}
]
}
}

230
2002/0xxx/CVE-2002-0656.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0656", "ID": "CVE-2002-0656",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CA-2002-23", "description_data": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2002-23.html" "lang": "eng",
}, "value": "Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3."
{ }
"name" : "VU#102795", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/102795" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#258555", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/258555" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CSSA-2002-033.0", ]
"refsource" : "CALDERA", }
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt" ]
}, },
{ "references": {
"name" : "CSSA-2002-033.1", "reference_data": [
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt" "name": "5363",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/5363"
"name" : "FreeBSD-SA-02:33", },
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc" "name": "5362",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/5362"
"name" : "MDKSA-2002:046", },
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php" "name": "VU#102795",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/102795"
"name" : "CLA-2002:513", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513" "name": "MDKSA-2002:046",
}, "refsource": "MANDRAKE",
{ "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
"name" : "openssl-ssl2-masterkey-bo(9714)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9714.php" "name": "CSSA-2002-033.0",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
"name" : "5362", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5362" "name": "VU#258555",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/258555"
"name" : "5363", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5363" "name": "openssl-ssl2-masterkey-bo(9714)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/9714.php"
"name" : "openssl-ssl3-sessionid-bo(9716)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9716.php" "name": "CA-2002-23",
} "refsource": "CERT",
] "url": "http://www.cert.org/advisories/CA-2002-23.html"
} },
} {
"name": "CSSA-2002-033.1",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
},
{
"name": "CLA-2002:513",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513"
},
{
"name": "FreeBSD-SA-02:33",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
},
{
"name": "openssl-ssl3-sessionid-bo(9716)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9716.php"
}
]
}
}

220
2002/0xxx/CVE-2002-0679.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0679", "ID": "CVE-2002-0679",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=102917002523536&w=2" "lang": "eng",
}, "value": "Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure."
{ }
"name" : "CA-2002-26", ]
"refsource" : "CERT", },
"url" : "http://www.cert.org/advisories/CA-2002-26.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#387387", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/387387" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IY32792", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY32792&apar=only" ]
}, },
{ "references": {
"name" : "IY32793", "reference_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY32793&apar=only" "name": "oval:org.mitre.oval:def:177",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A177"
"name" : "HPSBUX0207-199", },
"refsource" : "HP", {
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199" "name": "tooltalk-ttdbserverd-ttcreatefile-bo(9822)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/9822.php"
"name" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity", },
"refsource" : "CONFIRM", {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity" "name": "20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=102917002523536&w=2"
"name" : "tooltalk-ttdbserverd-ttcreatefile-bo(9822)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9822.php" "name": "HPSBUX0207-199",
}, "refsource": "HP",
{ "url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199"
"name" : "5444", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5444" "name": "5444",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/5444"
"name" : "oval:org.mitre.oval:def:177", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A177" "name": "IY32792",
}, "refsource": "AIXAPAR",
{ "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY32792&apar=only"
"name" : "oval:org.mitre.oval:def:192", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A192" "name": "oval:org.mitre.oval:def:192",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A192"
} },
} {
"name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity"
},
{
"name": "CA-2002-26",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-26.html"
},
{
"name": "IY32793",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY32793&apar=only"
},
{
"name": "VU#387387",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/387387"
}
]
}
}

140
2002/1xxx/CVE-2002-1104.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1104", "ID": "CVE-2002-1104",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml" "lang": "eng",
}, "value": "Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS)."
{ }
"name" : "cisco-vpn-tcp-dos(10042)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10042" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5649", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5649" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "cisco-vpn-tcp-dos(10042)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10042"
},
{
"name": "20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml"
},
{
"name": "5649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5649"
}
]
}
}

190
2002/1xxx/CVE-2002-1175.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1175", "ID": "CVE-2002-1175",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020929 Advisory 03/2002: Fetchmail remote vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103340148625187&w=2" "lang": "eng",
}, "value": "The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary."
{ }
"name" : "MDKSA-2002:063", ]
"refsource" : "MANDRAKE", },
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-171", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-171" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CLA-2002:531", ]
"refsource" : "CONECTIVA", }
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531" ]
}, },
{ "references": {
"name" : "RHSA-2002:215", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2002-215.html" "name": "MDKSA-2002:063",
}, "refsource": "MANDRAKE",
{ "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php"
"name" : "ESA-20021003-023", },
"refsource" : "ENGARDE", {
"url" : "http://www.linuxsecurity.com/advisories/other_advisory-2402.html" "name": "20020929 Advisory 03/2002: Fetchmail remote vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=103340148625187&w=2"
"name" : "fetchmail-multidrop-bo(10203)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10203.php" "name": "RHSA-2002:215",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2002-215.html"
"name" : "5826", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5826" "name": "fetchmail-multidrop-bo(10203)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/10203.php"
} },
} {
"name": "CLA-2002:531",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531"
},
{
"name": "ESA-20021003-023",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2402.html"
},
{
"name": "5826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5826"
},
{
"name": "DSA-171",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-171"
}
]
}
}

140
2002/1xxx/CVE-2002-1268.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1268", "ID": "CVE-2002-1268",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka \"User Privilege Elevation via Mounting an ISO 9600 CD.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.info.apple.com/usen/security/security_updates.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.info.apple.com/usen/security/security_updates.html" "lang": "eng",
}, "value": "Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka \"User Privilege Elevation via Mounting an ISO 9600 CD.\""
{ }
"name" : "macos-iso9600-gain-privileges(10828)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10828" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "7059", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/7059" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.info.apple.com/usen/security/security_updates.html",
"refsource": "CONFIRM",
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"name": "macos-iso9600-gain-privileges(10828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10828"
},
{
"name": "7059",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7059"
}
]
}
}

140
2002/1xxx/CVE-2002-1534.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1534", "ID": "CVE-2002-1534",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021006 Flash player can read local files", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0083.html" "lang": "eng",
}, "value": "Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share."
{ }
"name" : "flash-xml-read-files(10297)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/10297.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5904", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5904" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20021006 Flash player can read local files",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0083.html"
},
{
"name": "5904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5904"
},
{
"name": "flash-xml-read-files(10297)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10297.php"
}
]
}
}

140
2002/1xxx/CVE-2002-1619.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1619", "ID": "CVE-2002-1619",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "IY27310", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY27310&apar=only" "lang": "eng",
}, "value": "Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump)."
{ }
"name" : "VU#152955", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/152955" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "aix-fc-client-bo(10127)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10127" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "aix-fc-client-bo(10127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10127"
},
{
"name": "VU#152955",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/152955"
},
{
"name": "IY27310",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY27310&apar=only"
}
]
}
}

160
2002/1xxx/CVE-2002-1656.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1656", "ID": "CVE-2002-1656",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ifrance.com/kitetoua/tuto/x_holes.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ifrance.com/kitetoua/tuto/x_holes.txt" "lang": "eng",
}, "value": "X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie."
{ }
"name" : "VU#162723", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/162723" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4283", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4283" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1003828", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1003828" ]
}, },
{ "references": {
"name" : "xnews-users-world-readable(8465)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8465" "name": "VU#162723",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/162723"
} },
} {
"name": "1003828",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1003828"
},
{
"name": "xnews-users-world-readable(8465)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8465"
},
{
"name": "http://www.ifrance.com/kitetoua/tuto/x_holes.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/x_holes.txt"
},
{
"name": "4283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4283"
}
]
}
}

140
2002/2xxx/CVE-2002-2241.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2241", "ID": "CVE-2002-2241",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021211 Denial of Service vulnerability in VisNetic Website", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0101.html" "lang": "eng",
}, "value": "Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3.5.15 allows remote attackers to cause a denial of service (crash) via a long HTTP OPTIONS request."
{ }
"name" : "6364", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6364" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "visnetic-website-url-dos(10840)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10840" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20021211 Denial of Service vulnerability in VisNetic Website",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0101.html"
},
{
"name": "6364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6364"
},
{
"name": "visnetic-website-url-dos(10840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10840"
}
]
}
}

120
2003/0xxx/CVE-2003-0610.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0610", "ID": "CVE-2003-0610",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp" "lang": "eng",
} "value": "Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp",
"refsource": "CONFIRM",
"url": "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp"
}
]
}
}

150
2012/0xxx/CVE-2012-0287.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0287", "ID": "CVE-2012-0287",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the \"Duplicate comment detected\" feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the \"Duplicate comment detected\" feature."
{ }
"name" : "https://wordpress.org/news/2012/01/wordpress-3-3-1/", ]
"refsource" : "CONFIRM", },
"url" : "https://wordpress.org/news/2012/01/wordpress-3-3-1/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "51237", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51237" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026542", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026542" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1026542",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026542"
},
{
"name": "http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html",
"refsource": "MISC",
"url": "http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html"
},
{
"name": "51237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51237"
},
{
"name": "https://wordpress.org/news/2012/01/wordpress-3-3-1/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2012/01/wordpress-3-3-1/"
}
]
}
}

120
2012/0xxx/CVE-2012-0397.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2012-0397", "ID": "CVE-2012-0397",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120305 ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/521885" "lang": "eng",
} "value": "Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120305 ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/521885"
}
]
}
}

160
2012/0xxx/CVE-2012-0567.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0567", "ID": "CVE-2012-0567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core, a different vulnerability than CVE-2012-0545 and CVE-2012-0546."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core, a different vulnerability than CVE-2012-0545 and CVE-2012-0546."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53114", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53114" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026953", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026953" ]
}, },
{ "references": {
"name" : "48831", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48831" "name": "53114",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/53114"
} },
} {
"name": "1026953",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026953"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "48831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48831"
}
]
}
}

200
2012/0xxx/CVE-2012-0627.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-0627", "ID": "CVE-2012-0627",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2012-03-07-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
{ }
"name" : "APPLE-SA-2012-03-07-2", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2012-03-12-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52365", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52365" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:17429", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17429" "name": "52365",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52365"
"name" : "1026774", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026774" "name": "1026774",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026774"
"name" : "48274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48274" "name": "48377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48377"
"name" : "48288", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48288" "name": "APPLE-SA-2012-03-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
"name" : "48377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48377" "name": "oval:org.mitre.oval:def:17429",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17429"
} },
} {
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

34
2012/0xxx/CVE-2012-0653.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0653", "ID": "CVE-2012-0653",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/0xxx/CVE-2012-0886.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0886", "ID": "CVE-2012-0886",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2012/1xxx/CVE-2012-1864.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-1864", "ID": "CVE-2012-1864",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka \"String Atom Class Name Handling Vulnerability,\" a different vulnerability than CVE-2012-1865."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-041", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-041" "lang": "eng",
}, "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka \"String Atom Class Name Handling Vulnerability,\" a different vulnerability than CVE-2012-1865."
{ }
"name" : "TA12-164A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:15496", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15496" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA12-164A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"name": "oval:org.mitre.oval:def:15496",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15496"
},
{
"name": "MS12-041",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-041"
}
]
}
}

130
2012/1xxx/CVE-2012-1982.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1982", "ID": "CVE-2012-1982",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.webapp-security.com/wp-content/uploads/2012/03/SocialCMS-1.0.2-XSS-Persistent-and-Reflected-Vulnerabilities1.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.webapp-security.com/wp-content/uploads/2012/03/SocialCMS-1.0.2-XSS-Persistent-and-Reflected-Vulnerabilities1.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action."
{ }
"name" : "socialcms-admin1listpages-xss(74540)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74540" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "socialcms-admin1listpages-xss(74540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74540"
},
{
"name": "http://www.webapp-security.com/wp-content/uploads/2012/03/SocialCMS-1.0.2-XSS-Persistent-and-Reflected-Vulnerabilities1.txt",
"refsource": "MISC",
"url": "http://www.webapp-security.com/wp-content/uploads/2012/03/SocialCMS-1.0.2-XSS-Persistent-and-Reflected-Vulnerabilities1.txt"
}
]
}
}

34
2012/3xxx/CVE-2012-3341.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3341", "ID": "CVE-2012-3341",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/3xxx/CVE-2012-3346.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3346", "ID": "CVE-2012-3346",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

190
2012/3xxx/CVE-2012-3367.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3367", "ID": "CVE-2012-3367",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=836268", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=836268" "lang": "eng",
}, "value": "Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate."
{ }
"name" : "https://fedorahosted.org/pki/changeset/2430", ]
"refsource" : "CONFIRM", },
"url" : "https://fedorahosted.org/pki/changeset/2430" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2012:1103", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1103.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "54608", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/54608" ]
}, },
{ "references": {
"name" : "84098", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/84098" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=836268",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=836268"
"name" : "1027284", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027284" "name": "1027284",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027284"
"name" : "50013", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50013" "name": "84098",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/84098"
"name" : "rhcs-certificate-manager-sec-bypass(77102)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77102" "name": "50013",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/50013"
} },
} {
"name": "https://fedorahosted.org/pki/changeset/2430",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/pki/changeset/2430"
},
{
"name": "rhcs-certificate-manager-sec-bypass(77102)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77102"
},
{
"name": "54608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54608"
},
{
"name": "RHSA-2012:1103",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1103.html"
}
]
}
}

260
2012/3xxx/CVE-2012-3451.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3451", "ID": "CVE-2012-3451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=851896", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=851896" "lang": "eng",
}, "value": "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body."
{ }
"name" : "http://cxf.apache.org/cve-2012-3451.html", ]
"refsource" : "CONFIRM", },
"url" : "http://cxf.apache.org/cve-2012-3451.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1368559", "description": [
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1368559" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2012:1591", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1591.html" ]
}, },
{ "references": {
"name" : "RHSA-2012:1592", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1592.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=851896",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896"
"name" : "RHSA-2012:1594", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1594.html" "name": "RHSA-2013:0256",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html"
"name" : "RHSA-2013:0256", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0256.html" "name": "http://svn.apache.org/viewvc?view=revision&revision=1368559",
}, "refsource": "CONFIRM",
{ "url": "http://svn.apache.org/viewvc?view=revision&revision=1368559"
"name" : "RHSA-2013:0257", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0257.html" "name": "RHSA-2012:1594",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1594.html"
"name" : "RHSA-2013:0258", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0258.html" "name": "RHSA-2013:0257",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html"
"name" : "RHSA-2013:0259", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0259.html" "name": "51607",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51607"
"name" : "RHSA-2013:0726", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0726.html" "name": "RHSA-2013:0258",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html"
"name" : "RHSA-2013:0743", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0743.html" "name": "apache-cfx-soapaction-security-bypass(78734)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78734"
"name" : "51607", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51607" "name": "RHSA-2012:1592",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1592.html"
"name" : "52183", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52183" "name": "52183",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52183"
"name" : "apache-cfx-soapaction-security-bypass(78734)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78734" "name": "RHSA-2013:0743",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html"
} },
} {
"name": "RHSA-2012:1591",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1591.html"
},
{
"name": "RHSA-2013:0259",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html"
},
{
"name": "http://cxf.apache.org/cve-2012-3451.html",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/cve-2012-3451.html"
},
{
"name": "RHSA-2013:0726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"
}
]
}
}

170
2012/3xxx/CVE-2012-3600.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3600", "ID": "CVE-2012-3600",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5400", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5485" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5503", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2012-07-25-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-09-12-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "APPLE-SA-2012-09-19-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
} },
} {
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}

34
2012/3xxx/CVE-2012-3932.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3932", "ID": "CVE-2012-3932",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2012/4xxx/CVE-2012-4267.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4267", "ID": "CVE-2012-4267",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18868", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18868" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter."
{ }
"name" : "http://smwyg.com/blog/#sockso-persistant-xss-attack", ]
"refsource" : "MISC", },
"url" : "http://smwyg.com/blog/#sockso-persistant-xss-attack" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/rodnaph/sockso/issues/93", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/rodnaph/sockso/issues/93" ]
}, },
{ "references": {
"name" : "https://github.com/rodnaph/sockso/pull/99/files", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/rodnaph/sockso/pull/99/files" "name": "49148",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49148"
"name" : "49148", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49148" "name": "18868",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/18868"
} },
} {
"name": "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136",
"refsource": "CONFIRM",
"url": "https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136"
},
{
"name": "https://github.com/rodnaph/sockso/pull/99/files",
"refsource": "CONFIRM",
"url": "https://github.com/rodnaph/sockso/pull/99/files"
},
{
"name": "https://github.com/rodnaph/sockso/issues/93",
"refsource": "CONFIRM",
"url": "https://github.com/rodnaph/sockso/issues/93"
},
{
"name": "http://smwyg.com/blog/#sockso-persistant-xss-attack",
"refsource": "MISC",
"url": "http://smwyg.com/blog/#sockso-persistant-xss-attack"
}
]
}
}

150
2012/4xxx/CVE-2012-4920.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2012-4920", "ID": "CVE-2012-4920",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://wordpress.org/plugins/zingiri-forum/changelog", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://wordpress.org/plugins/zingiri-forum/changelog" "lang": "eng",
}, "value": "Directory traversal vulnerability in the zing_forum_output function in forum.php in the Zingiri Forum (aka Forums) plugin before 1.4.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter to index.php."
{ }
"name" : "89069", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/89069" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50833", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50833" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "wp-zingiriforum-url-directory-traversal(81156)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81156" ]
} },
] "references": {
} "reference_data": [
} {
"name": "50833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50833"
},
{
"name": "http://wordpress.org/plugins/zingiri-forum/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/zingiri-forum/changelog"
},
{
"name": "89069",
"refsource": "OSVDB",
"url": "http://osvdb.org/89069"
},
{
"name": "wp-zingiriforum-url-directory-traversal(81156)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81156"
}
]
}
}

140
2012/4xxx/CVE-2012-4997.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4997", "ID": "CVE-2012-4997",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18559", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18559" "lang": "eng",
}, "value": "Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter."
{ }
"name" : "52272", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/52272" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "anecms-index-local-file-include(73682)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73682" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "52272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52272"
},
{
"name": "18559",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18559"
},
{
"name": "anecms-index-local-file-include(73682)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73682"
}
]
}
}

34
2012/6xxx/CVE-2012-6199.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6199", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-6199",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

150
2017/2xxx/CVE-2017-2191.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2191", "ID": "CVE-2017-2191",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RW-5100 driver installer for Windows 7", "product_name": "RW-5100 driver installer for Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1.0.0.9" "version_value": "version 1.0.0.9"
} }
] ]
} }
}, },
{ {
"product_name" : "RW-5100 driver installer for Windows 8.1", "product_name": "RW-5100 driver installer for Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1.0.1.0" "version_value": "version 1.0.1.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Sharp Corporation" "vendor_name": "Sharp Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#51274854", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN51274854/index.html" "lang": "eng",
}, "value": "Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
{ }
"name" : "99290", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99290" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99290"
},
{
"name": "JVN#51274854",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51274854/index.html"
}
]
}
}

130
2017/2xxx/CVE-2017-2325.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"ID" : "CVE-2017-2325", "ID": "CVE-2017-2325",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NorthStar Controller Application", "product_name": "NorthStar Controller Application",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to version 2.1.0 Service Pack 1" "version_value": "prior to version 2.1.0 Service Pack 1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow leading to a denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.juniper.net/JSA10783", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.juniper.net/JSA10783" "lang": "eng",
}, "value": "A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service."
{ }
"name" : "97602", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97602" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "buffer overflow leading to a denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "97602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97602"
}
]
}
}

190
2017/2xxx/CVE-2017-2354.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2354", "ID": "CVE-2017-2354",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207481", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207481" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207482", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207482" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207484", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207484" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207485", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207485" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT207486", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207486" "name": "95736",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/95736"
"name" : "GLSA-201706-15", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-15" "name": "https://support.apple.com/HT207486",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207486"
"name" : "95736", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95736" "name": "https://support.apple.com/HT207485",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207485"
"name" : "1037668", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037668" "name": "GLSA-201706-15",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201706-15"
} },
} {
"name": "https://support.apple.com/HT207481",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207481"
},
{
"name": "https://support.apple.com/HT207484",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207484"
},
{
"name": "https://support.apple.com/HT207482",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207482"
},
{
"name": "1037668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037668"
}
]
}
}

132
2017/2xxx/CVE-2017-2725.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-2725", "ID": "CVE-2017-2725",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "P10 Plus,P10", "product_name": "P10 Plus,P10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions" "version_value": "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en" "lang": "eng",
}, "value": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution."
{ }
"name" : "97696", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97696" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97696"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
}
]
}
}

130
2017/2xxx/CVE-2017-2843.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2017-2843", "ID": "CVE-2017-2843",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Indoor IP Camera C1 Series", "product_name": "Indoor IP Camera C1 Series",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foscam" "vendor_name": "Foscam"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345" "lang": "eng",
}, "value": "In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
{ }
"name" : "99184", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99184" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0345"
},
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
}
]
}
}

142
2017/2xxx/CVE-2017-2862.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-08-30T00:00:00", "DATE_PUBLIC": "2017-08-30T00:00:00",
"ID" : "CVE-2017-2862", "ID": "CVE-2017-2862",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Gdk-Pixbuf", "product_name": "Gdk-Pixbuf",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2" "version_value": "2.36.6 commit: aba8d88798dfc2f3856ea0ddda14b06174bbb2bc libjpeg-turbo 1.5.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "GNOME" "vendor_name": "GNOME"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366" "lang": "eng",
}, "value": "An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability."
{ }
"name" : "DSA-3978", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2017/dsa-3978" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100541", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100541" "lang": "eng",
} "value": "remote code execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366"
},
{
"name": "DSA-3978",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3978"
},
{
"name": "100541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100541"
}
]
}
}

150
2017/6xxx/CVE-2017-6088.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6088", "ID": "CVE-2017-6088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41747", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41747/" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_functions.php or the (5) type parameter to monitoring_ged/ajax.php."
{ }
"name" : "[oss-security] 20170323 [CVE-2017-6088] EON 5.0 Multiple SQL Injection", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2017/03/23/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-injection/", "description": [
"refsource" : "MISC", {
"url" : "https://sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-injection/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "97084", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/97084" ]
} },
] "references": {
} "reference_data": [
} {
"name": "41747",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41747/"
},
{
"name": "[oss-security] 20170323 [CVE-2017-6088] EON 5.0 Multiple SQL Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/03/23/4"
},
{
"name": "https://sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-injection/",
"refsource": "MISC",
"url": "https://sysdream.com/news/lab/2017-03-14-cve-2017-6088-eon-5-0-multiple-sql-injection/"
},
{
"name": "97084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97084"
}
]
}
}

34
2017/6xxx/CVE-2017-6185.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6185", "ID": "CVE-2017-6185",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/6xxx/CVE-2017-6727.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6727", "ID": "CVE-2017-6727",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Wide Area Application Services", "product_name": "Cisco Wide Area Application Services",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Wide Area Application Services" "version_value": "Cisco Wide Area Application Services"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas" "lang": "eng",
}, "value": "A vulnerability in the Server Message Block (SMB) protocol of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device due to a process restarting unexpectedly and creating Core Dump files. More Information: CSCvc63035. Known Affected Releases: 6.2(3a). Known Fixed Releases: 6.3(0.167) 6.2(3c)5 6.2(3.22)."
{ }
"name" : "99483", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99483" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038824", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038824" "lang": "eng",
} "value": "Denial of Service Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038824",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038824"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-waas"
},
{
"name": "99483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99483"
}
]
}
}

230
2017/7xxx/CVE-2017-7308.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7308", "ID": "CVE-2017-7308",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41994", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41994/" "lang": "eng",
}, "value": "The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls."
{ }
"name" : "44654", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/44654/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html", "description": [
"refsource" : "MISC", {
"url" : "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://patchwork.ozlabs.org/patch/744811/", ]
"refsource" : "CONFIRM", }
"url" : "https://patchwork.ozlabs.org/patch/744811/" ]
}, },
{ "references": {
"name" : "https://patchwork.ozlabs.org/patch/744812/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://patchwork.ozlabs.org/patch/744812/" "name": "RHSA-2017:1308",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1308"
"name" : "https://patchwork.ozlabs.org/patch/744813/", },
"refsource" : "CONFIRM", {
"url" : "https://patchwork.ozlabs.org/patch/744813/" "name": "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html",
}, "refsource": "MISC",
{ "url": "https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html"
"name" : "https://source.android.com/security/bulletin/2017-07-01", },
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-07-01" "name": "https://source.android.com/security/bulletin/2017-07-01",
}, "refsource": "CONFIRM",
{ "url": "https://source.android.com/security/bulletin/2017-07-01"
"name" : "RHSA-2017:1297", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1297" "name": "RHSA-2018:1854",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1854"
"name" : "RHSA-2017:1298", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1298" "name": "97234",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/97234"
"name" : "RHSA-2017:1308", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1308" "name": "https://patchwork.ozlabs.org/patch/744812/",
}, "refsource": "CONFIRM",
{ "url": "https://patchwork.ozlabs.org/patch/744812/"
"name" : "RHSA-2018:1854", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1854" "name": "41994",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/41994/"
"name" : "97234", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97234" "name": "https://patchwork.ozlabs.org/patch/744813/",
} "refsource": "CONFIRM",
] "url": "https://patchwork.ozlabs.org/patch/744813/"
} },
} {
"name": "44654",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44654/"
},
{
"name": "https://patchwork.ozlabs.org/patch/744811/",
"refsource": "CONFIRM",
"url": "https://patchwork.ozlabs.org/patch/744811/"
},
{
"name": "RHSA-2017:1298",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1298"
},
{
"name": "RHSA-2017:1297",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1297"
}
]
}
}

170
2017/7xxx/CVE-2017-7463.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "anemec@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-7463", "ID": "CVE-2017-7463",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "business-central", "product_name": "business-central",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.4.3" "version_value": "6.4.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat" "vendor_name": "Red Hat"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463" "lang": "eng",
}, "value": "JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code within the context of the affected user."
{ }
"name" : "RHSA-2017:1217", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2017:1217" "impact": {
}, "cvss": [
{ [
"name" : "RHSA-2017:1218", {
"refsource" : "REDHAT", "vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"url" : "https://access.redhat.com/errata/RHSA-2017:1218" "version": "3.0"
}, }
{ ]
"name" : "98385", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98385" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1217",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1217"
},
{
"name": "RHSA-2017:1218",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1218"
},
{
"name": "98385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98385"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7463"
}
]
}
}

150
2017/7xxx/CVE-2017-7612.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7612", "ID": "CVE-2017-7612",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html" "lang": "eng",
}, "value": "The check_sysv_hash function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file."
{ }
"name" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c", ]
"refsource" : "MISC", },
"url" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201710-10", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201710-10" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3670-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3670-1/" ]
} },
] "references": {
} "reference_data": [
} {
"name": "USN-3670-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3670-1/"
},
{
"name": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c"
},
{
"name": "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html"
},
{
"name": "GLSA-201710-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-10"
}
]
}
}

296
2017/7xxx/CVE-2017-7828.json
View File

@ -1,150 +1,150 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-7828", "ID": "CVE-2017-7828",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "57" "version_value": "57"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox ESR", "product_name": "Firefox ESR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.5" "version_value": "52.5"
} }
] ]
} }
}, },
{ {
"product_name" : "Thunderbird", "product_name": "Thunderbird",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "52.5" "version_value": "52.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability can occur when flushing and resizing layout because the \"PressShell\" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free of PressShell while restyling layout"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html" "lang": "eng",
}, "value": "A use-after-free vulnerability can occur when flushing and resizing layout because the \"PressShell\" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5."
{ }
"name" : "[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1406750", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1406750" "lang": "eng",
}, "value": "Use-after-free of PressShell while restyling layout"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1412252", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1412252" ]
}, },
{ "references": {
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-24/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-24/" "name": "[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html"
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-25/", },
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-25/" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1406750",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1406750"
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-26/", },
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-26/" "name": "DSA-4035",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2017/dsa-4035"
"name" : "DSA-4035", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4035" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1412252",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1412252"
"name" : "DSA-4061", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4061" "name": "https://www.mozilla.org/security/advisories/mfsa2017-24/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/"
"name" : "DSA-4075", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4075" "name": "https://www.mozilla.org/security/advisories/mfsa2017-25/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-25/"
"name" : "RHSA-2017:3247", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3247" "name": "101832",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/101832"
"name" : "RHSA-2017:3372", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3372" "name": "https://www.mozilla.org/security/advisories/mfsa2017-26/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2017-26/"
"name" : "101832", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101832" "name": "1039803",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1039803"
"name" : "1039803", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039803" "name": "DSA-4061",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2017/dsa-4061"
} },
} {
"name": "[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html"
},
{
"name": "RHSA-2017:3247",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3247"
},
{
"name": "DSA-4075",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4075"
},
{
"name": "RHSA-2017:3372",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3372"
}
]
}
}

120
2018/10xxx/CVE-2018-10108.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10108", "ID": "CVE-2018-10108",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md" "lang": "eng",
} "value": "D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md",
"refsource": "MISC",
"url": "https://github.com/iceMatcha/Some-Vulnerabilities-of-D-link-Dir815/blob/master/Vulnerabilities_Summary.md"
}
]
}
}

120
2018/10xxx/CVE-2018-10113.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10113", "ID": "CVE-2018-10113",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/xiaoqx/pocs/tree/master/gegl", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/xiaoqx/pocs/tree/master/gegl" "lang": "eng",
} "value": "An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xiaoqx/pocs/tree/master/gegl",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/gegl"
}
]
}
}

34
2018/14xxx/CVE-2018-14136.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14136", "ID": "CVE-2018-14136",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/14xxx/CVE-2018-14290.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14290", "ID": "CVE-2018-14290",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.1.5096" "version_value": "9.0.1.5096"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-122-Heap-based Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-750", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-750" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6222."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-122-Heap-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-750",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-750"
}
]
}
}

140
2018/14xxx/CVE-2018-14954.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14954", "ID": "CVE-2018-14954",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openwall.com/lists/oss-security/2018/07/26/2", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.openwall.com/lists/oss-security/2018/07/26/2" "lang": "eng",
}, "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute."
{ }
"name" : "https://bugs.debian.org/905023", ]
"refsource" : "MISC", },
"url" : "https://bugs.debian.org/905023" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sourceforge.net/p/squirrelmail/bugs/2831/", "description": [
"refsource" : "MISC", {
"url" : "https://sourceforge.net/p/squirrelmail/bugs/2831/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/squirrelmail/bugs/2831/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/squirrelmail/bugs/2831/"
},
{
"name": "http://www.openwall.com/lists/oss-security/2018/07/26/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2018/07/26/2"
},
{
"name": "https://bugs.debian.org/905023",
"refsource": "MISC",
"url": "https://bugs.debian.org/905023"
}
]
}
}

34
2018/15xxx/CVE-2018-15270.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15270", "ID": "CVE-2018-15270",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/15xxx/CVE-2018-15311.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "f5sirt@f5.com", "ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC" : "2018-10-09T00:00:00", "DATE_PUBLIC": "2018-10-09T00:00:00",
"ID" : "CVE-2018-15311", "ID": "CVE-2018-15311",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "13.0.0-13.1.0.5" "version_value": "13.0.0-13.1.0.5"
}, },
{ {
"version_value" : "12.1.0-12.1.3.5" "version_value": "12.1.0-12.1.3.5"
}, },
{ {
"version_value" : "11.6.0-11.6.3.2" "version_value": "11.6.0-11.6.3.2"
}, },
{ {
"version_value" : "11.5.1-11.5.6" "version_value": "11.5.1-11.5.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "F5 Networks, Inc." "vendor_name": "F5 Networks, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.f5.com/csp/article/K07550539", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.f5.com/csp/article/K07550539" "lang": "eng",
} "value": "When F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.5.1-11.5.6 is processing specially crafted TCP traffic with the Large Receive Offload (LRO) feature enabled, TMM may crash, leading to a failover event. This vulnerability is not exposed unless LRO is enabled, so most affected customers will be on 13.1.x. LRO has been available since 11.4.0 but is not enabled by default until 13.1.0."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K07550539",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K07550539"
}
]
}
}

34
2018/15xxx/CVE-2018-15609.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15609", "ID": "CVE-2018-15609",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/20xxx/CVE-2018-20000.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20000", "ID": "CVE-2018-20000",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3" "lang": "eng",
}, "value": "Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java."
{ }
"name" : "https://github.com/Bedework/bw-webdav/pull/1", ]
"refsource" : "MISC", },
"url" : "https://github.com/Bedework/bw-webdav/pull/1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Bedework/bw-webdav/pull/1",
"refsource": "MISC",
"url": "https://github.com/Bedework/bw-webdav/pull/1"
},
{
"name": "https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3",
"refsource": "MISC",
"url": "https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3"
}
]
}
}

120
2018/20xxx/CVE-2018-20357.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20357", "ID": "CVE-2018-20357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/knik0/faad2/issues/28", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/knik0/faad2/issues/28" "lang": "eng",
} "value": "A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application crash."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/knik0/faad2/issues/28",
"refsource": "MISC",
"url": "https://github.com/knik0/faad2/issues/28"
}
]
}
}

34
2018/20xxx/CVE-2018-20499.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20499", "ID": "CVE-2018-20499",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/9xxx/CVE-2018-9166.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9166", "ID": "CVE-2018-9166",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/9xxx/CVE-2018-9565.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2018-9565", "ID": "CVE-2018-9565",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-16680558" "version_value": "Android-16680558"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-12-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-12-01" "lang": "eng",
}, "value": "In readBytes of xltdecwbxml.c, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-16680558."
{ }
"name" : "106065", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106065" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106065",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106065"
},
{
"name": "https://source.android.com/security/bulletin/2018-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-12-01"
}
]
}
}

34
2018/9xxx/CVE-2018-9673.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9673", "ID": "CVE-2018-9673",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/9xxx/CVE-2018-9807.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9807", "ID": "CVE-2018-9807",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }