admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:07:58 +00:00
parent 647fe593ec
commit 3396ee4b7d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3799 additions and 3799 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2002/0xxx/CVE-2002-0449.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0449", "ID": "CVE-2002-0449",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020305 Buffer Overrun in Talentsoft's Web+ (#NISR01032002A)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101535141925150&w=2" "lang": "eng",
}, "value": "Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long argument to webplus.exe program, which triggers the overflow in webpsvc.exe."
{ }
"name" : "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943", ]
"refsource" : "CONFIRM", },
"url" : "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#159907", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/159907" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4233", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4233" ]
}, },
{ "references": {
"name" : "webplus-webpsvc-bo(8361)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8361.php" "name": "VU#159907",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/159907"
} },
{
"name": "4233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4233"
},
{
"name": "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943",
"refsource": "CONFIRM",
"url": "http://www.talentsoft.com/Issues/IssueDetail.wml?ID=WP943"
},
{
"name": "webplus-webpsvc-bo(8361)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8361.php"
},
{
"name": "20020305 Buffer Overrun in Talentsoft's Web+ (#NISR01032002A)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101535141925150&w=2"
}
]
}
} }

158
2002/0xxx/CVE-2002-0522.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0522", "ID": "CVE-2002-0522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the \"pseudo\" cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020409 Security holes in ASP-Nuke", "description_data": [
"refsource" : "VULN-DEV", {
"url" : "http://online.securityfocus.com/archive/82/266705" "lang": "eng",
}, "value": "ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the \"pseudo\" cookie."
{ }
"name" : "http://www.asp-nuke.com/news.asp?date=20020412&cat=11", ]
"refsource" : "CONFIRM", },
"url" : "http://www.asp-nuke.com/news.asp?date=20020412&cat=11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "aspnuke-account-hijacking(8832)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/8832.php" ]
}, },
{ "references": {
"name" : "4484", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4484" "name": "aspnuke-account-hijacking(8832)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/8832.php"
} },
{
"name": "20020409 Security holes in ASP-Nuke",
"refsource": "VULN-DEV",
"url": "http://online.securityfocus.com/archive/82/266705"
},
{
"name": "http://www.asp-nuke.com/news.asp?date=20020412&cat=11",
"refsource": "CONFIRM",
"url": "http://www.asp-nuke.com/news.asp?date=20020412&cat=11"
},
{
"name": "4484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4484"
},
{
"name": "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/ASPNuke.txt"
}
]
}
} }

138
2002/0xxx/CVE-2002-0554.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0554", "ID": "CVE-2002-0554",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020411 IBM Informix Web DataBlade: SQL injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0135.html" "lang": "eng",
}, "value": "webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request."
{ }
"name" : "4496", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4496" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "informix-wdm-sql-injection(8826)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8826.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "4496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4496"
},
{
"name": "20020411 IBM Informix Web DataBlade: SQL injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0135.html"
},
{
"name": "informix-wdm-sql-injection(8826)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8826.php"
}
]
}
} }

32
2002/1xxx/CVE-2002-1330.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1330", "ID": "CVE-2002-1330",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

228
2002/1xxx/CVE-2002-1365.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1365", "ID": "CVE-2002-1365",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the \"@\" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103979751818638&w=2" "lang": "eng",
}, "value": "Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the \"@\" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses."
{ }
"name" : "http://security.e-matters.de/advisories/052002.html", ]
"refsource" : "MISC", },
"url" : "http://security.e-matters.de/advisories/052002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20021215 GLSA: fetchmail", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104004858802000&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CSSA-2003-001.0", ]
"refsource" : "CALDERA", }
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-001.0.txt" ]
}, },
{ "references": {
"name" : "CLA-2002:554", "reference_data": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554" "name": "6390",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/6390"
"name" : "DSA-216", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-216" "name": "MDKSA-2003:011",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:011"
"name" : "MDKSA-2003:011", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:011" "name": "20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=103979751818638&w=2"
"name" : "RHSA-2002:293", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-293.html" "name": "20021215 GLSA: fetchmail",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=104004858802000&w=2"
"name" : "RHSA-2002:294", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-294.html" "name": "DSA-216",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-216"
"name" : "RHSA-2003:155", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-155.html" "name": "fetchmail-address-header-bo(10839)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10839"
"name" : "6390", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6390" "name": "RHSA-2002:293",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2002-293.html"
"name" : "fetchmail-address-header-bo(10839)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10839" "name": "CLA-2002:554",
} "refsource": "CONECTIVA",
] "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554"
} },
{
"name": "RHSA-2002:294",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-294.html"
},
{
"name": "RHSA-2003:155",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-155.html"
},
{
"name": "CSSA-2003-001.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-001.0.txt"
},
{
"name": "http://security.e-matters.de/advisories/052002.html",
"refsource": "MISC",
"url": "http://security.e-matters.de/advisories/052002.html"
}
]
}
} }

148
2002/1xxx/CVE-2002-1595.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1595", "ID": "CVE-2002-1595",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020109 Multiple Vulnerabilities in Cisco SN 5420 Storage Routers", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml" "lang": "eng",
}, "value": "Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization."
{ }
"name" : "VU#833459", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/833459" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3832", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3832" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "cisco-sn-view-configuration(7828)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7828" ]
} },
] "references": {
} "reference_data": [
{
"name": "cisco-sn-view-configuration(7828)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7828"
},
{
"name": "3832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3832"
},
{
"name": "20020109 Multiple Vulnerabilities in Cisco SN 5420 Storage Routers",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml"
},
{
"name": "VU#833459",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/833459"
}
]
}
} }

138
2002/2xxx/CVE-2002-2017.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2017", "ID": "CVE-2002-2017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020130 sastcpd 8.0 'authprog' local root vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/253183" "lang": "eng",
}, "value": "sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd."
{ }
"name" : "3994", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3994" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "sas-sastcpd-authprog-env(8024)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8024.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "3994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3994"
},
{
"name": "sas-sastcpd-authprog-env(8024)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8024.php"
},
{
"name": "20020130 sastcpd 8.0 'authprog' local root vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/253183"
}
]
}
} }

158
2002/2xxx/CVE-2002-2070.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2070", "ID": "CVE-2002-2070",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/251565" "lang": "eng",
}, "value": "SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted."
{ }
"name" : "http://www.seifried.org/security/advisories/kssa-003.html", ]
"refsource" : "MISC", },
"url" : "http://www.seifried.org/security/advisories/kssa-003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "M-034", "description": [
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/m-034.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3912", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/3912" ]
}, },
{ "references": {
"name" : "ntfs-ads-file-wipe(7953)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7953.php" "name": "3912",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/3912"
} },
{
"name": "http://www.seifried.org/security/advisories/kssa-003.html",
"refsource": "MISC",
"url": "http://www.seifried.org/security/advisories/kssa-003.html"
},
{
"name": "ntfs-ads-file-wipe(7953)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7953.php"
},
{
"name": "M-034",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-034.shtml"
},
{
"name": "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/251565"
}
]
}
} }

118
2003/0xxx/CVE-2003-0499.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0499", "ID": "CVE-2003-0499",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-335", "description_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2003/dsa-335" "lang": "eng",
} "value": "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-335",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2003/dsa-335"
}
]
}
} }

158
2003/0xxx/CVE-2003-0992.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0992", "ID": "CVE-2003-0992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users."
{ }
"name" : "CLA-2004:842", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2004:020", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-020.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2004:013", ]
"refsource" : "MANDRAKE", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:815", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815" "name": "RHSA-2004:020",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html"
} },
{
"name": "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html",
"refsource": "CONFIRM",
"url": "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html"
},
{
"name": "MDKSA-2004:013",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013"
},
{
"name": "oval:org.mitre.oval:def:815",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815"
},
{
"name": "CLA-2004:842",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842"
}
]
}
} }

148
2005/1xxx/CVE-2005-1311.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1311", "ID": "CVE-2005-1311",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=323206", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=323206" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
{ }
"name" : "13372", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/13372" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15828", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/15828" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15107", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/15107" ]
} },
] "references": {
} "reference_data": [
{
"name": "15107",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15107"
},
{
"name": "13372",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13372"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=323206",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=323206"
},
{
"name": "15828",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15828"
}
]
}
} }

468
2009/1xxx/CVE-2009-1838.json
View File

@ -1,237 +1,237 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-1838", "ID": "CVE-2009-1838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-29.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-29.html" "lang": "eng",
}, "value": "The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=489131", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=489131" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=503580", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=503580" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1820", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2009/dsa-1820" ]
}, },
{ "references": {
"name" : "DSA-1830", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1830" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=489131",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=489131"
"name" : "FEDORA-2009-6366", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html" "name": "ADV-2009-1572",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1572"
"name" : "FEDORA-2009-6411", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html" "name": "RHSA-2009:1096",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2009-1096.html"
"name" : "FEDORA-2009-7567", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html" "name": "oval:org.mitre.oval:def:11080",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080"
"name" : "FEDORA-2009-7614", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html" "name": "SSA:2009-178-01",
}, "refsource": "SLACKWARE",
{ "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275"
"name" : "MDVSA-2009:141", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141" "name": "DSA-1830",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1830"
"name" : "RHSA-2009:1095", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1095.html" "name": "35536",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35536"
"name" : "RHSA-2009:1096", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1096.html" "name": "35602",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35602"
"name" : "RHSA-2009:1125", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1125.html" "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-29.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-29.html"
"name" : "RHSA-2009:1126", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1126.html" "name": "RHSA-2009:1125",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
"name" : "SSA:2009-167-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468" "name": "FEDORA-2009-7614",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
"name" : "SSA:2009-176-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408" "name": "35326",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/35326"
"name" : "SSA:2009-178-01", },
"refsource" : "SLACKWARE", {
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275" "name": "35440",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35440"
"name" : "264308", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" "name": "FEDORA-2009-6411",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html"
"name" : "USN-782-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-782-1" "name": "USN-782-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-782-1"
"name" : "35326", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35326" "name": "35428",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35428"
"name" : "35383", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35383" "name": "35431",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35431"
"name" : "55157", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/55157" "name": "FEDORA-2009-7567",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
"name" : "oval:org.mitre.oval:def:11080", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11080" "name": "35331",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35331"
"name" : "1022397", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022397" "name": "35468",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35468"
"name" : "35331", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35331" "name": "35439",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35439"
"name" : "35428", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35428" "name": "35882",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35882"
"name" : "35431", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35431" "name": "FEDORA-2009-6366",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html"
"name" : "35439", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35439" "name": "MDVSA-2009:141",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
"name" : "35440", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35440" "name": "35415",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35415"
"name" : "35468", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35468" "name": "RHSA-2009:1095",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-1095.html"
"name" : "35536", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35536" "name": "35383",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/35383"
"name" : "35415", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35415" "name": "SSA:2009-167-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468"
"name" : "35561", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35561" "name": "55157",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/55157"
"name" : "35602", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35602" "name": "35561",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35561"
"name" : "35882", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35882" "name": "SSA:2009-176-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408"
"name" : "ADV-2009-1572", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1572" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=503580",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=503580"
} },
{
"name": "DSA-1820",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1820"
},
{
"name": "RHSA-2009:1126",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
},
{
"name": "264308",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
},
{
"name": "1022397",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022397"
}
]
}
} }

128
2009/1xxx/CVE-2009-1878.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1878", "ID": "CVE-2009-1878",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-12.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-12.html" "lang": "eng",
}, "value": "Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors."
{ }
"name" : "57191", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/57191" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-12.html"
},
{
"name": "57191",
"refsource": "OSVDB",
"url": "http://osvdb.org/57191"
}
]
}
} }

128
2012/0xxx/CVE-2012-0092.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0092", "ID": "CVE-2012-0092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0090."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0090."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }

148
2012/0xxx/CVE-2012-0157.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-0157", "ID": "CVE-2012-0157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka \"PostMessage Function Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-018", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-018" "lang": "eng",
}, "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka \"PostMessage Function Vulnerability.\""
{ }
"name" : "TA12-073A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-073A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "80002", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80002" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14217", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14217" ]
} },
] "references": {
} "reference_data": [
{
"name": "TA12-073A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
},
{
"name": "MS12-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-018"
},
{
"name": "oval:org.mitre.oval:def:14217",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14217"
},
{
"name": "80002",
"refsource": "OSVDB",
"url": "http://osvdb.org/80002"
}
]
}
} }

148
2012/0xxx/CVE-2012-0208.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2012-0208", "ID": "CVE-2012-0208",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh."
{ }
"name" : "DSA-2472", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2012/dsa-2472" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2013:150", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026950", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026950" ]
} },
] "references": {
} "reference_data": [
{
"name": "1026950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026950"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "DSA-2472",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2472"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }

148
2012/0xxx/CVE-2012-0519.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0519", "ID": "CVE-2012-0519",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53072", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53072" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026929", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026929" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "1026929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026929"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "53072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53072"
}
]
}
} }

118
2012/0xxx/CVE-2012-0760.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-0760", "ID": "CVE-2012-0760",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-02.html" "lang": "eng",
} "value": "The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-02.html"
}
]
}
} }

198
2012/0xxx/CVE-2012-0938.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0938", "ID": "CVE-2012-0938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120220 SQL Injection Vulnerabilities in TestLink", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0104.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the root_node parameter in the display_children function to (1) getrequirementnodes.php or (2) gettprojectnodes.php in lib/ajax/; the (3) cfield_id parameter in an edit action to lib/cfields/cfieldsEdit.php; the (4) id parameter in an edit action or (5) plan_id parameter in a create action to lib/plan/planMilestonesEdit.php; or the req_spec_id parameter to (6) reqImport.php or (7) in a create action to reqEdit.php in lib/requirements/. NOTE: some of these details are obtained from third party information."
{ }
"name" : "52086", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/52086" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "79450", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/79450" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "79451", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/79451" ]
}, },
{ "references": {
"name" : "79452", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/79452" "name": "79451",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/79451"
"name" : "79453", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/79453" "name": "79453",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/79453"
"name" : "79454", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/79454" "name": "20120220 SQL Injection Vulnerabilities in TestLink",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0104.html"
"name" : "48054", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48054" "name": "48054",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48054"
"name" : "testlink-multiple-scripts-sql-injection(73327)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73327" "name": "79454",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/79454"
} },
{
"name": "79452",
"refsource": "OSVDB",
"url": "http://osvdb.org/79452"
},
{
"name": "testlink-multiple-scripts-sql-injection(73327)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73327"
},
{
"name": "79450",
"refsource": "OSVDB",
"url": "http://osvdb.org/79450"
},
{
"name": "52086",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52086"
}
]
}
} }

168
2012/0xxx/CVE-2012-0973.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0973", "ID": "CVE-2012-0973",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120125 Multiple vulnerabilities in OSclass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0157.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html", ]
"refsource" : "MISC", },
"url" : "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://osclass.org/2012/01/16/osclass-2-3-5/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://osclass.org/2012/01/16/osclass-2-3-5/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-73", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-73" ]
}, },
{ "references": {
"name" : "51662", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51662" "name": "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-73",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/osclass/OSClass/commit/ff7ef8a97301aaaf6a97fe46c2c27981a86b4e2f#diff-73"
"name" : "47697", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47697" "name": "http://osclass.org/2012/01/16/osclass-2-3-5/",
} "refsource": "CONFIRM",
] "url": "http://osclass.org/2012/01/16/osclass-2-3-5/"
} },
{
"name": "51662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51662"
},
{
"name": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_osclass.html"
},
{
"name": "47697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47697"
},
{
"name": "20120125 Multiple vulnerabilities in OSclass",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0157.html"
}
]
}
} }

32
2012/1xxx/CVE-2012-1822.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1822", "ID": "CVE-2012-1822",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

198
2012/3xxx/CVE-2012-3357.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3357", "ID": "CVE-2012-3357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a \"log msg leak.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120625 Re: CVE Request: viewvc", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/06/25/8" "lang": "eng",
}, "value": "The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a \"log msg leak.\""
{ }
"name" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758", ]
"refsource" : "CONFIRM", },
"url" : "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175", "description": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2563", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2563" ]
}, },
{ "references": {
"name" : "MDVSA-2013:134", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134" "name": "[oss-security] 20120625 Re: CVE Request: viewvc",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/06/25/8"
"name" : "openSUSE-SU-2012:0831", },
"refsource" : "SUSE", {
"url" : "https://lwn.net/Articles/505096/" "name": "viewvc-svnra-info-disclosure(76615)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76615"
"name" : "54199", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54199" "name": "54199",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/54199"
"name" : "83227", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/83227" "name": "openSUSE-SU-2012:0831",
}, "refsource": "SUSE",
{ "url": "https://lwn.net/Articles/505096/"
"name" : "viewvc-svnra-info-disclosure(76615)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76615" "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175",
} "refsource": "CONFIRM",
] "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0175"
} },
{
"name": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758",
"refsource": "CONFIRM",
"url": "http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758"
},
{
"name": "83227",
"refsource": "OSVDB",
"url": "http://osvdb.org/83227"
},
{
"name": "MDVSA-2013:134",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:134"
},
{
"name": "DSA-2563",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2563"
}
]
}
} }

158
2012/3xxx/CVE-2012-3549.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3549", "ID": "CVE-2012-3549",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20226", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/20226" "lang": "eng",
}, "value": "The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk."
{ }
"name" : "[oss-security] 20120828 CVE for FreeBSD SCTP remote DoS?", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/08/28/9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120829 Re: CVE request: FreeBSD SCTP remote DoS", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/08/29/6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686962", ]
"refsource" : "MISC", }
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686962" ]
}, },
{ "references": {
"name" : "54797", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54797" "name": "54797",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/54797"
} },
{
"name": "[oss-security] 20120828 CVE for FreeBSD SCTP remote DoS?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/28/9"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686962",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686962"
},
{
"name": "[oss-security] 20120829 Re: CVE request: FreeBSD SCTP remote DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/29/6"
},
{
"name": "20226",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20226"
}
]
}
} }

32
2012/3xxx/CVE-2012-3854.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3854", "ID": "CVE-2012-3854",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2012/4xxx/CVE-2012-4041.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4041", "ID": "CVE-2012-4041",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

228
2012/4xxx/CVE-2012-4291.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4291", "ID": "CVE-2012-4291",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-20.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-20.html" "lang": "eng",
}, "value": "The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet."
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", "description": [
"refsource" : "CONFIRM", {
"url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201308-05", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" ]
}, },
{ "references": {
"name" : "RHSA-2013:0125", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0125.html" "name": "55035",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55035"
"name" : "openSUSE-SU-2012:1067", },
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/15514562" "name": "oval:org.mitre.oval:def:15813",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15813"
"name" : "openSUSE-SU-2012:1035", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" "name": "54425",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54425"
"name" : "55035", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55035" "name": "RHSA-2013:0125",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0125.html"
"name" : "oval:org.mitre.oval:def:15813", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15813" "name": "http://www.wireshark.org/security/wnpa-sec-2012-20.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2012-20.html"
"name" : "51363", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51363" "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3",
}, "refsource": "CONFIRM",
{ "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3"
"name" : "50276", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50276" "name": "GLSA-201308-05",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
"name" : "54425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54425" "name": "51363",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/51363"
} },
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570"
},
{
"name": "openSUSE-SU-2012:1035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html"
},
{
"name": "50276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50276"
},
{
"name": "openSUSE-SU-2012:1067",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15514562"
}
]
}
} }

32
2012/4xxx/CVE-2012-4723.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-4723", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-4723",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none."
} }
] ]
} }
} }

358
2012/4xxx/CVE-2012-4820.json
View File

@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-4820", "ID": "CVE-2012-4820",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to \"insecure use of the java.lang.reflect.Method invoke() method.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120911 [SE-2012-01] Security vulnerabilities in IBM Java", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2012/Sep/38" "lang": "eng",
}, "value": "Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to \"insecure use of the java.lang.reflect.Method invoke() method.\""
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615705", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615705" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615800", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615800" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", ]
"refsource" : "CONFIRM", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" ]
}, },
{ "references": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616594", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616594" "name": "RHSA-2012:1466",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616616", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616616" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616616"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616617", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616617" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616594"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616652", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616652" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616617"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616708", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616708" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" "name": "20120911 [SE-2012-01] Security vulnerabilities in IBM Java",
}, "refsource": "BUGTRAQ",
{ "url": "http://seclists.org/bugtraq/2012/Sep/38"
"name" : "https://www-304.ibm.com/support/docview.wss?uid=swg21616546", },
"refsource" : "CONFIRM", {
"url" : "https://www-304.ibm.com/support/docview.wss?uid=swg21616546" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616652"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "IV29654", },
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654" "name": "55495",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55495"
"name" : "RHSA-2012:1465", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1465.html" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
"name" : "RHSA-2012:1466", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615800"
"name" : "RHSA-2012:1467", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "51327",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51327"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546",
}, "refsource": "CONFIRM",
{ "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21616546"
"name" : "55495", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55495" "name": "ibm-java-invoke-code-execution(78764)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78764"
"name" : "51634", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51634" "name": "RHSA-2012:1467",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
"name" : "51326", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51326" "name": "RHSA-2012:1465",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
"name" : "51327", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51327" "name": "51328",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51328"
"name" : "51328", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51328" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616708"
"name" : "51393", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51393" "name": "51634",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51634"
"name" : "ibm-java-invoke-code-execution(78764)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78764" "name": "IV29654",
} "refsource": "AIXAPAR",
] "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV29654"
} },
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615705"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "51393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51393"
},
{
"name": "51326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51326"
}
]
}
} }

138
2012/4xxx/CVE-2012-4840.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-4840", "ID": "CVE-2012-4840",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" "lang": "eng",
}, "value": "IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "cognos-bi-fct-xpath-injection(79116)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79116" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "cognos-bi-fct-xpath-injection(79116)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79116"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697"
}
]
}
} }

32
2012/4xxx/CVE-2012-4887.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4887", "ID": "CVE-2012-4887",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2017/2xxx/CVE-2017-2431.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2431", "ID": "CVE-2017-2431",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"CoreMedia\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207615", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207615" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"CoreMedia\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file."
{ }
"name" : "97140", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97140" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038138", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038138" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "97140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97140"
},
{
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
}
]
}
} }

168
2017/2xxx/CVE-2017-2528.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2528", "ID": "CVE-2017-2528",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42105", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42105/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames."
{ }
"name" : "https://support.apple.com/HT207798", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207798" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207804", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207804" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201706-15", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201706-15" ]
}, },
{ "references": {
"name" : "98474", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98474" "name": "1038487",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038487"
"name" : "1038487", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038487" "name": "98474",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/98474"
} },
{
"name": "42105",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42105/"
},
{
"name": "https://support.apple.com/HT207804",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207804"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207798",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207798"
}
]
}
} }

130
2017/2xxx/CVE-2017-2703.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-2703", "ID": "CVE-2017-2703",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Mate 9, P9", "product_name": "Mate 9, P9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373," "version_value": "Versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373,"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Phone Finder Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en" "lang": "eng",
}, "value": "Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earlier before MHA-CL00BC00B156,Versions earlier before MHA-DL00BC00B156,Versions earlier before MHA-TL00BC00B156,Versions earlier before EVA-AL10C00B373,Versions earlier before EVA-CL10C00B373,Versions earlier before EVA-DL10C00B373,Versions earlier before EVA-TL10C00B373 can be bypass. An attacker can bypass the Phone Finder by special steps and enter the System Setting."
{ }
"name" : "95657", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95657" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Phone Finder Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95657"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-05-smartphone-en"
}
]
}
} }

158
2017/6xxx/CVE-2017-6300.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6300", "ID": "CVE-2017-6300",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"3 of 9. Buffer Overflow in version field in lib/tnef-types.h.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openwall.com/lists/oss-security/2017/02/15/4", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.openwall.com/lists/oss-security/2017/02/15/4" "lang": "eng",
}, "value": "An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"3 of 9. Buffer Overflow in version field in lib/tnef-types.h.\""
{ }
"name" : "https://github.com/Yeraze/ytnef/pull/27", ]
"refsource" : "MISC", },
"url" : "https://github.com/Yeraze/ytnef/pull/27" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/", "description": [
"refsource" : "MISC", {
"url" : "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3846", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3846" ]
}, },
{ "references": {
"name" : "96423", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96423" "name": "96423",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/96423"
} },
{
"name": "http://www.openwall.com/lists/oss-security/2017/02/15/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/02/15/4"
},
{
"name": "https://github.com/Yeraze/ytnef/pull/27",
"refsource": "MISC",
"url": "https://github.com/Yeraze/ytnef/pull/27"
},
{
"name": "DSA-3846",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3846"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/"
}
]
}
} }

168
2017/6xxx/CVE-2017-6314.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6314", "ID": "CVE-2017-6314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/02/21/4" "lang": "eng",
}, "value": "The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file."
{ }
"name" : "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2017/02/26/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html", "description": [
"refsource" : "MISC", {
"url" : "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=779020", ]
"refsource" : "MISC", }
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=779020" ]
}, },
{ "references": {
"name" : "GLSA-201709-08", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201709-08" "name": "https://bugzilla.gnome.org/show_bug.cgi?id=779020",
}, "refsource": "MISC",
{ "url": "https://bugzilla.gnome.org/show_bug.cgi?id=779020"
"name" : "96779", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96779" "name": "[oss-security] 20170221 CVE Request - Multiple vulnerabilities in gdk-pixbuf",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
} },
{
"name": "96779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96779"
},
{
"name": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html",
"refsource": "MISC",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"name": "[oss-security] 20170226 Re: CVE Request - Multiple vulnerabilities in gdk-pixbuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"name": "GLSA-201709-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-08"
}
]
}
} }

130
2017/6xxx/CVE-2017-6323.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@symantec.com", "ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC" : "2017-06-28T00:00:00", "DATE_PUBLIC": "2017-06-28T00:00:00",
"ID" : "CVE-2017-6323", "ID": "CVE-2017-6323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ITMS", "product_name": "ITMS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6 & ITMS 7.6_POST_HF7" "version_value": "Prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6 & ITMS 7.6_POST_HF7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Symantec Corporation" "vendor_name": "Symantec Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XXE"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00" "lang": "eng",
}, "value": "The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts."
{ }
"name" : "98621", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98621" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "XXE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00"
},
{
"name": "98621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98621"
}
]
}
} }

128
2017/6xxx/CVE-2017-6675.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6675", "ID": "CVE-2017-6675",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Industrial Network Director", "product_name": "Cisco Industrial Network Director",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Industrial Network Director" "version_value": "Cisco Industrial Network Director"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind" "lang": "eng",
}, "value": "A vulnerability in the web interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against an affected system. More Information: CSCvd25405. Known Affected Releases: 1.1(0.176)."
{ }
"name" : "98962", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98962" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Cross-Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-ind"
},
{
"name": "98962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98962"
}
]
}
} }

158
2017/6xxx/CVE-2017-6833.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6833", "ID": "CVE-2017-6833",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/03/13/5" "lang": "eng",
}, "value": "The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file."
{ }
"name" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/", ]
"refsource" : "MISC", },
"url" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/mpruett/audiofile/issues/37", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/mpruett/audiofile/issues/37" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/mpruett/audiofile/pull/42", ]
"refsource" : "MISC", }
"url" : "https://github.com/mpruett/audiofile/pull/42" ]
}, },
{ "references": {
"name" : "DSA-3814", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3814" "name": "[oss-security] 20170313 Re: audiofile: divide-by-zero in BlockCodec::runPull (BlockCodec.cpp)",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2017/03/13/5"
} },
{
"name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/"
},
{
"name": "https://github.com/mpruett/audiofile/pull/42",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"name": "DSA-3814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"name": "https://github.com/mpruett/audiofile/issues/37",
"refsource": "MISC",
"url": "https://github.com/mpruett/audiofile/issues/37"
}
]
}
} }

32
2017/7xxx/CVE-2017-7289.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7289", "ID": "CVE-2017-7289",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

198
2017/7xxx/CVE-2017-7502.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-7502", "ID": "CVE-2017-7502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "nss", "product_name": "nss",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "since 3.24.0" "version_value": "since 3.24.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NSS project" "vendor_name": "NSS project"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-476"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d" "lang": "eng",
}, "value": "Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker."
{ }
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3872", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3872" "lang": "eng",
}, "value": "CWE-476"
{ }
"name" : "RHSA-2017:1364", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2017:1364" ]
}, },
{ "references": {
"name" : "RHSA-2017:1365", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1365" "name": "RHSA-2017:1365",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1365"
"name" : "RHSA-2017:1567", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1567" "name": "1038579",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038579"
"name" : "RHSA-2017:1712", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1712" "name": "98744",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/98744"
"name" : "98744", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98744" "name": "RHSA-2017:1712",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1712"
"name" : "1038579", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038579" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
} },
{
"name": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d",
"refsource": "CONFIRM",
"url": "https://hg.mozilla.org/projects/nss/rev/55ea60effd0d"
},
{
"name": "RHSA-2017:1364",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1364"
},
{
"name": "RHSA-2017:1567",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1567"
},
{
"name": "DSA-3872",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3872"
}
]
}
} }

130
2017/7xxx/CVE-2017-7684.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2017-07-13T00:00:00", "DATE_PUBLIC": "2017-07-13T00:00:00",
"ID" : "CVE-2017-7684", "ID": "CVE-2017-7684",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache OpenMeetings", "product_name": "Apache OpenMeetings",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.0.0" "version_value": "1.0.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure File Upload"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload", "description_data": [
"refsource" : "MLIST", {
"url" : "http://markmail.org/message/v6dpmrdd6cgg66up" "lang": "eng",
}, "value": "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server."
{ }
"name" : "99584", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99584" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Insecure File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99584"
},
{
"name": "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload",
"refsource": "MLIST",
"url": "http://markmail.org/message/v6dpmrdd6cgg66up"
}
]
}
} }

148
2018/10xxx/CVE-2018-10309.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10309", "ID": "CVE-2018-10309",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44563", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44563/" "lang": "eng",
}, "value": "The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS."
{ }
"name" : "https://gist.github.com/B0UG/f0cfb356e23be3cd6ebea69566d6100a", ]
"refsource" : "MISC", },
"url" : "https://gist.github.com/B0UG/f0cfb356e23be3cd6ebea69566d6100a" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wpvulndb.com/vulnerabilities/9067", "description": [
"refsource" : "MISC", {
"url" : "https://wpvulndb.com/vulnerabilities/9067" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://wordpress.org/plugins/responsive-cookie-consent/#developers", ]
"refsource" : "CONFIRM", }
"url" : "https://wordpress.org/plugins/responsive-cookie-consent/#developers" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://gist.github.com/B0UG/f0cfb356e23be3cd6ebea69566d6100a",
"refsource": "MISC",
"url": "https://gist.github.com/B0UG/f0cfb356e23be3cd6ebea69566d6100a"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9067",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9067"
},
{
"name": "https://wordpress.org/plugins/responsive-cookie-consent/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/responsive-cookie-consent/#developers"
},
{
"name": "44563",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44563/"
}
]
}
} }

158
2018/14xxx/CVE-2018-14348.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14348", "ID": "CVE-2018-14348",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180820 [SECURITY] [DLA 1472-1] libcgroup security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00019.html" "lang": "eng",
}, "value": "libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information."
{ }
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1100365", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1100365" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2018-f6adf1cb62", ]
"refsource" : "FEDORA", }
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK/" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2018:2241", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html" "name": "https://bugzilla.suse.com/show_bug.cgi?id=1100365",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.suse.com/show_bug.cgi?id=1100365"
} },
{
"name": "FEDORA-2018-f6adf1cb62",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK/"
},
{
"name": "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/"
},
{
"name": "openSUSE-SU-2018:2241",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html"
},
{
"name": "[debian-lts-announce] 20180820 [SECURITY] [DLA 1472-1] libcgroup security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00019.html"
}
]
}
} }

118
2018/14xxx/CVE-2018-14442.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14442", "ID": "CVE-2018-14442",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "lang": "eng",
} "value": "Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
} }

118
2018/14xxx/CVE-2018-14545.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14545", "ID": "CVE-2018-14545",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/axiomatic-systems/Bento4/issues/291", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/axiomatic-systems/Bento4/issues/291" "lang": "eng",
} "value": "There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 file. This vulnerability can be triggered by the executable mp42ts."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/axiomatic-systems/Bento4/issues/291",
"refsource": "MISC",
"url": "https://github.com/axiomatic-systems/Bento4/issues/291"
}
]
}
} }

208
2018/14xxx/CVE-2018-14598.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14598", "ID": "CVE-2018-14598",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20180821 X.Org security advisory: August 21, 2018", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2018/08/21/6" "lang": "eng",
}, "value": "An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault)."
{ }
"name" : "[xorg-announce] 20180821 libX11 1.6.6", ]
"refsource" : "MLIST", },
"url" : "https://lists.x.org/archives/xorg-announce/2018-August/002916.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1102073", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1102073" ]
}, },
{ "references": {
"name" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2" "name": "USN-3758-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3758-2/"
"name" : "GLSA-201811-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201811-01" "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102073",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102073"
"name" : "USN-3758-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3758-2/" "name": "GLSA-201811-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201811-01"
"name" : "USN-3758-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3758-1/" "name": "105177",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/105177"
"name" : "105177", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105177" "name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2",
}, "refsource": "CONFIRM",
{ "url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2"
"name" : "1041543", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041543" "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
} },
{
"name": "1041543",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041543"
},
{
"name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
},
{
"name": "[xorg-announce] 20180821 libX11 1.6.6",
"refsource": "MLIST",
"url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
},
{
"name": "USN-3758-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3758-1/"
}
]
}
} }

32
2018/14xxx/CVE-2018-14980.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14980", "ID": "CVE-2018-14980",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2018/15xxx/CVE-2018-15978.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-15978", "ID": "CVE-2018-15978",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html" "lang": "eng",
}, "value": "Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "RHSA-2018:3618", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:3618" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105909", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105909" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1042098", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1042098" ]
} },
] "references": {
} "reference_data": [
{
"name": "1042098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042098"
},
{
"name": "105909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105909"
},
{
"name": "RHSA-2018:3618",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3618"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-39.html"
}
]
}
} }

32
2018/20xxx/CVE-2018-20312.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20312", "ID": "CVE-2018-20312",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/20xxx/CVE-2018-20593.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20593", "ID": "CVE-2018-20593",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/michaelrsweet/mxml/issues/237", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/michaelrsweet/mxml/issues/237" "lang": "eng",
}, "value": "In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c."
{ }
"name" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err", ]
"refsource" : "MISC", },
"url" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err",
"refsource": "MISC",
"url": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err"
},
{
"name": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err",
"refsource": "MISC",
"url": "https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err"
},
{
"name": "https://github.com/michaelrsweet/mxml/issues/237",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/mxml/issues/237"
}
]
}
} }

32
2018/20xxx/CVE-2018-20647.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20647", "ID": "CVE-2018-20647",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9033.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9033", "ID": "CVE-2018-9033",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/9xxx/CVE-2018-9057.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9057", "ID": "CVE-2018-9057",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/terraform-providers/terraform-provider-aws/pull/3934", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/terraform-providers/terraform-provider-aws/pull/3934" "lang": "eng",
} "value": "aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an IAM account that was provisioned with a weak password."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/terraform-providers/terraform-provider-aws/pull/3934",
"refsource": "MISC",
"url": "https://github.com/terraform-providers/terraform-provider-aws/pull/3934"
}
]
}
} }

32
2018/9xxx/CVE-2018-9222.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9222", "ID": "CVE-2018-9222",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/9xxx/CVE-2018-9537.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2018-9537", "ID": "CVE-2018-9537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-9" "version_value": "Android-9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-11-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-11-01" "lang": "eng",
}, "value": "In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564"
{ }
"name" : "105865", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105865" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105865"
},
{
"name": "https://source.android.com/security/bulletin/2018-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-11-01"
}
]
}
} }

32
2018/9xxx/CVE-2018-9768.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9768", "ID": "CVE-2018-9768",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }