"-Synchronized-Data."

CVE Team 2019-03-17 23:49:44 +00:00
parent 2ff3dea426
commit 3959cbbc26
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3641 additions and 3641 deletions


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0004",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap corruption vulnerability in the \"at\" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0004",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020117 '/usr/bin/at 31337 + vuln' problem + exploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101128661602088&w=2"
},
{
"name" : "DSA-102",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-102"
},
{
"name" : "SuSE-SA:2002:003",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2002_003_at_txt.html"
},
{
"name" : "MDKSA-2002:007",
"refsource" : "MANDRAKE",
"url" : "http://marc.info/?l=bugtraq&m=101147632721031&w=2"
},
{
"name" : "RHSA-2002:015",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-015.html"
},
{
"name" : "HPSBTL0201-021",
"refsource" : "HP",
"url" : "http://online.securityfocus.com/advisories/3833"
},
{
"name" : "HPSBTL0302-034",
"refsource" : "HP",
"url" : "http://online.securityfocus.com/advisories/3969"
},
{
"name" : "linux-at-exetime-heap-corruption(7909)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7909"
},
{
"name" : "3886",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap corruption vulnerability in the \"at\" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "linux-at-exetime-heap-corruption(7909)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7909"
},
{
"name": "HPSBTL0302-034",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/3969"
},
{
"name": "DSA-102",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-102"
},
{
"name": "RHSA-2002:015",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-015.html"
},
{
"name": "HPSBTL0201-021",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/3833"
},
{
"name": "20020117 '/usr/bin/at 31337 + vuln' problem + exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101128661602088&w=2"
},
{
"name": "3886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3886"
},
{
"name": "SuSE-SA:2002:003",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_003_at_txt.html"
},
{
"name": "MDKSA-2002:007",
"refsource": "MANDRAKE",
"url": "http://marc.info/?l=bugtraq&m=101147632721031&w=2"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020107 [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101041510727937&w=2"
},
{
"name" : "http://otn.oracle.com/deploy/security/pdf/webcache2.pdf",
"refsource" : "CONFIRM",
"url" : "http://otn.oracle.com/deploy/security/pdf/webcache2.pdf"
},
{
"name" : "3761",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3761"
},
{
"name" : "3764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3764"
},
{
"name" : "oracle-appserver-webcached-privileges(7766)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7766.php"
},
{
"name" : "oracle-appserver-webcache-password(7768)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7768.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020107 [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101041510727937&w=2"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/webcache2.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/webcache2.pdf"
},
{
"name": "3764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3764"
},
{
"name": "3761",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3761"
},
{
"name": "oracle-appserver-webcached-privileges(7766)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7766.php"
},
{
"name": "oracle-appserver-webcache-password(7768)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7768.php"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020201 KICQ 2.0.0b1 can be remotely crashed",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101266856410129&w=2"
},
{
"name" : "4018",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4018"
},
{
"name" : "kicq-telnet-dos(8064)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8064.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4018"
},
{
"name": "20020201 KICQ 2.0.0b1 can be remotely crashed",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101266856410129&w=2"
},
{
"name": "kicq-telnet-dos(8064)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8064.php"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0402",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0402",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00004.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00004.html"
},
{
"name" : "DSA-130",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-130"
},
{
"name" : "20020529 Potential security issues in Ethereal",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102268626526119&w=2"
},
{
"name" : "RHSA-2002:036",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-036.html"
},
{
"name" : "RHSA-2002:088",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-088.html"
},
{
"name" : "RHSA-2002:170",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-170.html"
},
{
"name" : "CLSA-2002:505",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505"
},
{
"name" : "CSSA-2002-037.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt"
},
{
"name" : "ethereal-x11-dissector-bo(9203)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9203.php"
},
{
"name" : "4805",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4805"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLSA-2002:505",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505"
},
{
"name": "RHSA-2002:088",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-088.html"
},
{
"name": "DSA-130",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-130"
},
{
"name": "20020529 Potential security issues in Ethereal",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102268626526119&w=2"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00004.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00004.html"
},
{
"name": "ethereal-x11-dissector-bo(9203)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9203.php"
},
{
"name": "RHSA-2002:036",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-036.html"
},
{
"name": "RHSA-2002:170",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-170.html"
},
{
"name": "CSSA-2002-037.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt"
},
{
"name": "4805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4805"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to \"insert,\" which adds the provided username to the adminUsers table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020702 PHPAuction bug",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html"
},
{
"name" : "http://www.phpauction.org/viewnew.php?id=5",
"refsource" : "CONFIRM",
"url" : "http://www.phpauction.org/viewnew.php?id=5"
},
{
"name" : "phpauction-admin-account-creation(9462)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9462.php"
},
{
"name" : "5141",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5141"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to \"insert,\" which adds the provided username to the adminUsers table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5141"
},
{
"name": "http://www.phpauction.org/viewnew.php?id=5",
"refsource": "CONFIRM",
"url": "http://www.phpauction.org/viewnew.php?id=5"
},
{
"name": "20020702 PHPAuction bug",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html"
},
{
"name": "phpauction-admin-account-creation(9462)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9462.php"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1421",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020818 FUDforum file access and SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/288042"
},
{
"name" : "20020818 FUDforum file access and SQL Injection",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html"
},
{
"name" : "5500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5500"
},
{
"name" : "fudforum-sql-injection(9912)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9912.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020818 FUDforum file access and SQL Injection",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html"
},
{
"name": "fudforum-sql-injection(9912)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9912.php"
},
{
"name": "20020818 FUDforum file access and SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/288042"
},
{
"name": "5500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5500"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#636431",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/636431"
},
{
"name" : "5102",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5102"
},
{
"name" : "verity-search97-xss(9441)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the (1) vformat or (2) vfilter functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5102"
},
{
"name": "VU#636431",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/636431"
},
{
"name": "verity-search97-xss(9441)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9441"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpRank 1.8 stores the administrative password in plaintext on the server and in the \"ap\" cookie, which allows remote attackers to retrieve the administrative password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021010 Multiple vulnerabilities in phpRank",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html"
},
{
"name" : "5947",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5947"
},
{
"name" : "phprank-admin-plaintext-password(10352)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10352.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpRank 1.8 stores the administrative password in plaintext on the server and in the \"ap\" cookie, which allows remote attackers to retrieve the administrative password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5947"
},
{
"name": "phprank-admin-plaintext-password(10352)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10352.php"
},
{
"name": "20021010 Multiple vulnerabilities in phpRank",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0148.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021117 LiteServe URL Decoding DoS",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0075.html"
},
{
"name" : "6192",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6192"
},
{
"name" : "liteserve-percent-character-dos(10644)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10644.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6192"
},
{
"name": "20021117 LiteServe URL Decoding DoS",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0075.html"
},
{
"name": "liteserve-percent-character-dos(10644)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10644.php"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vuxml.org/freebsd/32d4f0f1-85c3-11d9-b6dc-0007e900f747.html",
"refsource" : "CONFIRM",
"url" : "http://www.vuxml.org/freebsd/32d4f0f1-85c3-11d9-b6dc-0007e900f747.html"
},
{
"name" : "http://www.freshports.org/x11-fonts/mkbold-mkitalic/",
"refsource" : "CONFIRM",
"url" : "http://www.freshports.org/x11-fonts/mkbold-mkitalic/"
},
{
"name" : "14398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14398"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.freshports.org/x11-fonts/mkbold-mkitalic/",
"refsource": "CONFIRM",
"url": "http://www.freshports.org/x11-fonts/mkbold-mkitalic/"
},
{
"name": "http://www.vuxml.org/freebsd/32d4f0f1-85c3-11d9-b6dc-0007e900f747.html",
"refsource": "CONFIRM",
"url": "http://www.vuxml.org/freebsd/32d4f0f1-85c3-11d9-b6dc-0007e900f747.html"
},
{
"name": "14398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14398"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0604",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050228 [Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110961644621528&w=2"
},
{
"name" : "http://www.hat-squad.com/en/000160.html",
"refsource" : "MISC",
"url" : "http://www.hat-squad.com/en/000160.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hat-squad.com/en/000160.html",
"refsource": "MISC",
"url": "http://www.hat-squad.com/en/000160.html"
},
{
"name": "20050228 [Hat-Squad] GFI L.N.S.S 5.0 Insecure Credential Storage",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110961644621528&w=2"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050320 -==CoolForum Path Disclosure & Possible SQL Injection==-",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/lists/bugtraq/2005/Mar/0358.html"
},
{
"name" : "1013474",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013474"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050320 -==CoolForum Path Disclosure & Possible SQL Injection==-",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2005/Mar/0358.html"
},
{
"name": "1013474",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013474"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050413 LG U8120 Mobile Phone Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/395714"
},
{
"name" : "13154",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13154"
},
{
"name" : "1013777",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013777"
},
{
"name" : "lg-u8120-mobile-phone-dos(20091)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20091"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13154"
},
{
"name": "1013777",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013777"
},
{
"name": "20050413 LG U8120 Mobile Phone Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/395714"
},
{
"name": "lg-u8120-mobile-phone-dos(20091)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20091"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1322",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1322",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[nag] 20050422 Nag 1.1.3 (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/nag/Week-of-Mon-20050418/000756.html"
},
{
"name" : "http://cvs.horde.org/diff.php/nag/docs/CHANGES?r1=1.54.2.33&r2=1.54.2.35&ty=h",
"refsource" : "CONFIRM",
"url" : "http://cvs.horde.org/diff.php/nag/docs/CHANGES?r1=1.54.2.33&r2=1.54.2.35&ty=h"
},
{
"name" : "15079",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15079"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[nag] 20050422 Nag 1.1.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/nag/Week-of-Mon-20050418/000756.html"
},
{
"name": "15079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15079"
},
{
"name": "http://cvs.horde.org/diff.php/nag/docs/CHANGES?r1=1.54.2.33&r2=1.54.2.35&ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/nag/docs/CHANGES?r1=1.54.2.33&r2=1.54.2.35&ty=h"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to \"credential management.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3438",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3438"
},
{
"name" : "APPLE-SA-2009-02-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name" : "33759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33759"
},
{
"name" : "33821",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33821"
},
{
"name" : "ADV-2009-0422",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name" : "33937",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33937"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to \"credential management.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33937"
},
{
"name": "33759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33759"
},
{
"name": "33821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33821"
},
{
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "ADV-2009-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0422"
}
]
}
}


@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to \"table parsing.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-0201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506195/100/0/threaded"
},
{
"name" : "http://development.openoffice.org/releases/3.1.1.html",
"refsource" : "MISC",
"url" : "http://development.openoffice.org/releases/3.1.1.html"
},
{
"name" : "http://secunia.com/secunia_research/2009-27/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-27/"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
},
{
"name" : "DSA-1880",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1880"
},
{
"name" : "GLSA-201408-19",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name" : "MDVSA-2010:035",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
},
{
"name" : "MDVSA-2010:091",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
},
{
"name" : "MDVSA-2010:105",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
},
{
"name" : "263508",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
},
{
"name" : "1020715",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
},
{
"name" : "SUSE-SR:2009:015",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name" : "36200",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36200"
},
{
"name" : "oval:org.mitre.oval:def:10726",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10726"
},
{
"name" : "1022798",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022798"
},
{
"name" : "35036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35036"
},
{
"name" : "36750",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36750"
},
{
"name" : "60799",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60799"
},
{
"name" : "ADV-2009-2490",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2490"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to \"table parsing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
},
{
"name": "60799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60799"
},
{
"name": "GLSA-201408-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "http://development.openoffice.org/releases/3.1.1.html",
"refsource": "MISC",
"url": "http://development.openoffice.org/releases/3.1.1.html"
},
{
"name": "MDVSA-2010:105",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
},
{
"name": "1022798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022798"
},
{
"name": "MDVSA-2010:091",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
},
{
"name": "MDVSA-2010:035",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
},
{
"name": "1020715",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
},
{
"name": "20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506195/100/0/threaded"
},
{
"name": "SUSE-SR:2009:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name": "DSA-1880",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1880"
},
{
"name": "oval:org.mitre.oval:def:10726",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10726"
},
{
"name": "http://secunia.com/secunia_research/2009-27/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-27/"
},
{
"name": "35036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35036"
},
{
"name": "263508",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
},
{
"name": "36750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36750"
},
{
"name": "36200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36200"
},
{
"name": "ADV-2009-2490",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2490"
}
]
}
}
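Review bot: The assigner change in this section's `CVE_data_meta` is hard to audit because it sits inside a whole-file respacing and a reshuffle of `reference_data`. The `" : "`-spaced copy has `"ASSIGNER" : "cve@mitre.org",` and the compact copy, which appears to be the new side, has `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",`. The CVE-2012-0184 section shows the same pattern with `secure@microsoft.com`, and the CVE-2012-2111 section, which runs past the visible lines, with `secalert@redhat.com`. I would land the respacing and reordering as a separate mechanical commit so that each attribution change reads as a one-line diff. The new reference order does not look sorted by `refsource` or `name`, so a deterministic order would also keep later syncs from hiding real additions or removals; consumers that track CNA attribution are safer comparing parsed JSON than text.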


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bugzilla.org/security/2.22.6/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/2.22.6/"
},
{
"name" : "FEDORA-2009-2417",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html"
},
{
"name" : "FEDORA-2009-2418",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html"
},
{
"name" : "33580",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33580"
},
{
"name" : "34361",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34361"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-2418",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html"
},
{
"name": "FEDORA-2009-2417",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html"
},
{
"name": "34361",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34361"
},
{
"name": "http://www.bugzilla.org/security/2.22.6/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/2.22.6/"
},
{
"name": "33580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33580"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) \"external tools\" or (2) a crafted forensic image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ptk.dflabs.com/faq.html",
"refsource" : "CONFIRM",
"url" : "http://ptk.dflabs.com/faq.html"
},
{
"name" : "http://ptk.dflabs.com/security.html",
"refsource" : "CONFIRM",
"url" : "http://ptk.dflabs.com/security.html"
},
{
"name" : "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
},
{
"name" : "VU#845747",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/845747"
},
{
"name" : "34111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34111"
},
{
"name" : "ptk-unspecified-command-execution(49235)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) \"external tools\" or (2) a crafted forensic image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/RGII-7Q4GBJ"
},
{
"name": "http://ptk.dflabs.com/faq.html",
"refsource": "CONFIRM",
"url": "http://ptk.dflabs.com/faq.html"
},
{
"name": "VU#845747",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/845747"
},
{
"name": "34111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34111"
},
{
"name": "http://ptk.dflabs.com/security.html",
"refsource": "CONFIRM",
"url": "http://ptk.dflabs.com/security.html"
},
{
"name": "ptk-unspecified-command-execution(49235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49235"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1261",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "34391",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34391"
},
{
"name" : "53422",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53422"
},
{
"name" : "53423",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53423"
},
{
"name" : "53424",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53424"
},
{
"name" : "34596",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34596"
},
{
"name" : "webhelpdesk-multiple-form-xss(49683)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53423",
"refsource": "OSVDB",
"url": "http://osvdb.org/53423"
},
{
"name": "34391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34391"
},
{
"name": "53424",
"refsource": "OSVDB",
"url": "http://osvdb.org/53424"
},
{
"name": "34596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34596"
},
{
"name": "53422",
"refsource": "OSVDB",
"url": "http://osvdb.org/53422"
},
{
"name": "webhelpdesk-multiple-form-xss(49683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49683"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1640",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Macintosh 4.04 allows user-assisted attackers to execute arbitrary code via a crafted .AMHH file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.insight-tech.org/index.php?p=Kernel-recovery-for-Macintosh-v-4-04-Buffer-Overflow",
"refsource" : "MISC",
"url" : "http://www.insight-tech.org/index.php?p=Kernel-recovery-for-Macintosh-v-4-04-Buffer-Overflow"
},
{
"name" : "http://www.insight-tech.org/xploits/KernelrecoveryforMacintoshv.4.04BufferOverflow.py",
"refsource" : "MISC",
"url" : "http://www.insight-tech.org/xploits/KernelrecoveryforMacintoshv.4.04BufferOverflow.py"
},
{
"name" : "34846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34846"
},
{
"name" : "54224",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54224"
},
{
"name" : "34860",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34860"
},
{
"name" : "nucleus-amhh-bo(50345)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50345"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Macintosh 4.04 allows user-assisted attackers to execute arbitrary code via a crafted .AMHH file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34846"
},
{
"name": "http://www.insight-tech.org/index.php?p=Kernel-recovery-for-Macintosh-v-4-04-Buffer-Overflow",
"refsource": "MISC",
"url": "http://www.insight-tech.org/index.php?p=Kernel-recovery-for-Macintosh-v-4-04-Buffer-Overflow"
},
{
"name": "http://www.insight-tech.org/xploits/KernelrecoveryforMacintoshv.4.04BufferOverflow.py",
"refsource": "MISC",
"url": "http://www.insight-tech.org/xploits/KernelrecoveryforMacintoshv.4.04BufferOverflow.py"
},
{
"name": "54224",
"refsource": "OSVDB",
"url": "http://osvdb.org/54224"
},
{
"name": "nucleus-amhh-bo(50345)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50345"
},
{
"name": "34860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34860"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel SXLI Record Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-0184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120508 Microsoft Excel SXLI Record Memory Corruption Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982"
},
{
"name" : "MS12-030",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name" : "TA12-129A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name" : "53375",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53375"
},
{
"name" : "oval:org.mitre.oval:def:14789",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789"
},
{
"name" : "1027041",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027041"
},
{
"name" : "49112",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49112"
},
{
"name" : "ms-excel-sxli-code-execution(75117)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75117"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka \"Excel SXLI Record Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ms-excel-sxli-code-execution(75117)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75117"
},
{
"name": "oval:org.mitre.oval:def:14789",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14789"
},
{
"name": "53375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53375"
},
{
"name": "1027041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027041"
},
{
"name": "20120508 Microsoft Excel SXLI Record Memory Corruption Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=982"
},
{
"name": "MS12-030",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-030"
},
{
"name": "49112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49112"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
]
}
}


@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the \"take ownership\" privilege via an LSA connection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.samba.org/samba/security/CVE-2012-2111",
"refsource" : "CONFIRM",
"url" : "http://www.samba.org/samba/security/CVE-2012-2111"
},
{
"name" : "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578",
"refsource" : "CONFIRM",
"url" : "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
},
{
"name" : "DSA-2463",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2463"
},
{
"name" : "FEDORA-2012-6981",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html"
},
{
"name" : "FEDORA-2012-6999",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html"
},
{
"name" : "FEDORA-2012-7006",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html"
},
{
"name" : "HPSBUX02789",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134323086902585&w=2"
},
{
"name" : "SSRT100824",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134323086902585&w=2"
},
{
"name" : "MDVSA-2012:067",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:067"
},
{
"name" : "RHSA-2012:0533",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0533.html"
},
{
"name" : "SUSE-SU-2012:0573",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html"
},
{
"name" : "SUSE-SU-2012:0591",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html"
},
{
"name" : "openSUSE-SU-2012:0583",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html"
},
{
"name" : "USN-1434-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1434-1"
},
{
"name" : "81648",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81648"
},
{
"name" : "1026988",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026988"
},
{
"name" : "48999",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48999"
},
{
"name" : "48976",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48976"
},
{
"name" : "48984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48984"
},
{
"name" : "48996",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48996"
},
{
"name" : "49017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49017"
},
{
"name" : "49030",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49030"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the \"take ownership\" privilege via an LSA connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1434-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1434-1"
},
{
"name": "81648",
"refsource": "OSVDB",
"url": "http://osvdb.org/81648"
},
{
"name": "SUSE-SU-2012:0591",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html"
},
{
"name": "MDVSA-2012:067",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:067"
},
{
"name": "48996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48996"
},
{
"name": "FEDORA-2012-6981",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html"
},
{
"name": "49017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49017"
},
{
"name": "1026988",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026988"
},
{
"name": "HPSBUX02789",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134323086902585&w=2"
},
{
"name": "http://www.samba.org/samba/security/CVE-2012-2111",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/security/CVE-2012-2111"
},
{
"name": "48976",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48976"
},
{
"name": "openSUSE-SU-2012:0583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html"
},
{
"name": "FEDORA-2012-6999",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html"
},
{
"name": "49030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49030"
},
{
"name": "FEDORA-2012-7006",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html"
},
{
"name": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578",
"refsource": "CONFIRM",
"url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
},
{
"name": "48984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48984"
},
{
"name": "48999",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48999"
},
{
"name": "SUSE-SU-2012:0573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html"
},
{
"name": "DSA-2463",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2463"
},
{
"name": "SSRT100824",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134323086902585&w=2"
},
{
"name": "RHSA-2012:0533",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0533.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2354",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the \"Recent conversations\" feature with a modified parameter in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120523 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/05/23/2"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=48e03792ca8faa2d781f9ef74606f3b3f0d3baec",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=48e03792ca8faa2d781f9ef74606f3b3f0d3baec"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the \"Recent conversations\" feature with a modified parameter in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=48e03792ca8faa2d781f9ef74606f3b3f0d3baec",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=48e03792ca8faa2d781f9ef74606f3b3f0d3baec"
},
{
"name": "[oss-security] 20120523 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/05/23/2"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB23092",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23092"
},
{
"name" : "http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html",
"refsource" : "CONFIRM",
"url" : "http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html"
},
{
"name" : "https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1",
"refsource" : "CONFIRM",
"url" : "https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1"
},
{
"name" : "53620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53620"
},
{
"name" : "82036",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/82036"
},
{
"name" : "1027079",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027079"
},
{
"name" : "49234",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49234"
},
{
"name" : "serendipity-trackbacksinc-sql-injection(75760)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "82036",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82036"
},
{
"name": "53620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53620"
},
{
"name": "49234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49234"
},
{
"name": "serendipity-trackbacksinc-sql-injection(75760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75760"
},
{
"name": "https://www.htbridge.com/advisory/HTB23092",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23092"
},
{
"name": "http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html",
"refsource": "CONFIRM",
"url": "http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html"
},
{
"name": "1027079",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027079"
},
{
"name": "https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1",
"refsource": "CONFIRM",
"url": "https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://caucho.com/resin-4.0/changes/changes.xtp",
"refsource" : "MISC",
"url" : "http://caucho.com/resin-4.0/changes/changes.xtp"
},
{
"name" : "http://en.securitylab.ru/lab/",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/"
},
{
"name" : "http://en.securitylab.ru/lab/PT-2012-05",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/PT-2012-05"
},
{
"name" : "VU#309979",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/309979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#309979",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/309979"
},
{
"name": "http://en.securitylab.ru/lab/",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/"
},
{
"name": "http://en.securitylab.ru/lab/PT-2012-05",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2012-05"
},
{
"name": "http://caucho.com/resin-4.0/changes/changes.xtp",
"refsource": "MISC",
"url": "http://caucho.com/resin-4.0/changes/changes.xtp"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf",
"refsource" : "MISC",
"url" : "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf",
"refsource": "MISC",
"url": "http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-3271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBHF02821",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515413"
},
{
"name" : "SSRT100934",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515413"
},
{
"name" : "56597",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56597"
},
{
"name" : "1027790",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027790"
},
{
"name" : "51378",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51378"
},
{
"name" : "hp-integrated-lights-info-disc(80155)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56597"
},
{
"name": "HPSBHF02821",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515413"
},
{
"name": "51378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51378"
},
{
"name": "SSRT100934",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03515413"
},
{
"name": "1027790",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027790"
},
{
"name": "hp-integrated-lights-info-disc(80155)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80155"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120820 The Gimp GIF plug-in CVE-2012-3481 issue",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/20/8"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=776572",
"refsource" : "MISC",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=776572"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=847303",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=847303"
},
{
"name" : "MDVSA-2012:142",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:142"
},
{
"name" : "MDVSA-2013:082",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082"
},
{
"name" : "RHSA-2012:1180",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"name" : "RHSA-2012:1181",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name" : "openSUSE-SU-2012:1080",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html"
},
{
"name" : "SUSE-SU-2012:1038",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html"
},
{
"name" : "openSUSE-SU-2012:1131",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html"
},
{
"name" : "USN-1559-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1559-1"
},
{
"name" : "55101",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55101"
},
{
"name" : "1027411",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027411"
},
{
"name" : "50296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:1038",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00023.html"
},
{
"name": "USN-1559-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1559-1"
},
{
"name": "RHSA-2012:1180",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1180.html"
},
{
"name": "1027411",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027411"
},
{
"name": "RHSA-2012:1181",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1181.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=776572",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=776572"
},
{
"name": "55101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55101"
},
{
"name": "MDVSA-2013:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:082"
},
{
"name": "openSUSE-SU-2012:1080",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00000.html"
},
{
"name": "openSUSE-SU-2012:1131",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00043.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=847303",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=847303"
},
{
"name": "MDVSA-2012:142",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:142"
},
{
"name": "50296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50296"
},
{
"name": "[oss-security] 20120820 The Gimp GIF plug-in CVE-2012-3481 issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/8"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-042-01.pdf",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-042-01.pdf"
},
{
"name" : "http://www.moxa.com/support/download.aspx?type=support&id=492",
"refsource" : "CONFIRM",
"url" : "http://www.moxa.com/support/download.aspx?type=support&id=492"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moxa EDR-G903 series routers with firmware before 2.11 do not use a sufficient source of entropy for (1) SSH and (2) SSL keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-042-01.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-042-01.pdf"
},
{
"name": "http://www.moxa.com/support/download.aspx?type=support&id=492",
"refsource": "CONFIRM",
"url": "http://www.moxa.com/support/download.aspx?type=support&id=492"
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-4792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rb",
"refsource" : "MISC",
"url" : "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rb"
},
{
"name" : "http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html",
"refsource" : "MISC",
"url" : "http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html"
},
{
"name" : "http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/",
"refsource" : "MISC",
"url" : "http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/"
},
{
"name" : "http://labs.alienvault.com/labs/index.php/2012/just-another-water-hole-campaign-using-an-internet-explorer-0day/",
"refsource" : "MISC",
"url" : "http://labs.alienvault.com/labs/index.php/2012/just-another-water-hole-campaign-using-an-internet-explorer-0day/"
},
{
"name" : "http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html"
},
{
"name" : "http://technet.microsoft.com/security/advisory/2794220",
"refsource" : "CONFIRM",
"url" : "http://technet.microsoft.com/security/advisory/2794220"
},
{
"name" : "http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx"
},
{
"name" : "http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx"
},
{
"name" : "MS13-008",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-008"
},
{
"name" : "TA13-008A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"name" : "TA13-015A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-015A.html"
},
{
"name" : "VU#154201",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/154201"
},
{
"name" : "oval:org.mitre.oval:def:16361",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16361"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA13-008A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-008A.html"
},
{
"name": "MS13-008",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-008"
},
{
"name": "VU#154201",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/154201"
},
{
"name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rb",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_cbutton_uaf.rb"
},
{
"name": "http://labs.alienvault.com/labs/index.php/2012/just-another-water-hole-campaign-using-an-internet-explorer-0day/",
"refsource": "MISC",
"url": "http://labs.alienvault.com/labs/index.php/2012/just-another-water-hole-campaign-using-an-internet-explorer-0day/"
},
{
"name": "http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/119168/Microsoft-Internet-Explorer-CDwnBindInfo-Object-Use-After-Free.html"
},
{
"name": "http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/",
"refsource": "MISC",
"url": "http://eromang.zataz.com/2012/12/29/attack-and-ie-0day-informations-used-against-council-on-foreign-relations/"
},
{
"name": "oval:org.mitre.oval:def:16361",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16361"
},
{
"name": "TA13-015A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-015A.html"
},
{
"name": "http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html",
"refsource": "MISC",
"url": "http://blog.fireeye.com/research/2012/12/council-foreign-relations-water-hole-attack-details.html"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx"
},
{
"name": "http://technet.microsoft.com/security/advisory/2794220",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2794220"
},
{
"name": "http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/b/srd/archive/2012/12/31/microsoft-quot-fix-it-quot-available-for-internet-explorer-6-7-and-8.aspx"
}
]
}
}
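Review bot: The `affects` block and `problemtype` of the new CVE-2012-4792 record still hold only `"n/a"`, although this change reassigns `ASSIGNER` to `secure@microsoft.com` and the description names Microsoft Internet Explorer 6 through 8 and a use-after-free. Tooling that matches on the structured fields rather than the description text will presumably not tie this record to the product, which matters for an entry the description says was exploited in the wild. I would set `"vendor_name": "Microsoft"`, `"product_name": "Internet Explorer"` and the problemtype `"value": "CWE-416"`, and record the affected range (6 through 8) in `version_data`. The same `"n/a"` placeholders remain in the CVE-2012-6644, CVE-2017-2535, CVE-2017-6819 and CVE-2018-14016 sections, whose descriptions likewise name the product.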


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6009",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6009",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6294",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6294",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18341",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18341"
},
{
"name" : "http://packetstormsecurity.org/files/108489/clipbucket-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/108489/clipbucket-sqlxss.txt"
},
{
"name" : "51321",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51321"
},
{
"name" : "78193",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78193"
},
{
"name" : "78194",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78194"
},
{
"name" : "78195",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78195"
},
{
"name" : "78196",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78196"
},
{
"name" : "78197",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78197"
},
{
"name" : "78198",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78198"
},
{
"name" : "78199",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78199"
},
{
"name" : "78200",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78200"
},
{
"name" : "47474",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47474"
},
{
"name" : "clipbucket-multiple-xss(72245)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to channels.php, (2) collections.php, (3) groups.php, or (4) videos.php; (5) query parameter to search_result.php; or (6) type parameter to view_collection.php or (7) view_item.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78195",
"refsource": "OSVDB",
"url": "http://osvdb.org/78195"
},
{
"name": "51321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51321"
},
{
"name": "78194",
"refsource": "OSVDB",
"url": "http://osvdb.org/78194"
},
{
"name": "78199",
"refsource": "OSVDB",
"url": "http://osvdb.org/78199"
},
{
"name": "http://packetstormsecurity.org/files/108489/clipbucket-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/108489/clipbucket-sqlxss.txt"
},
{
"name": "78196",
"refsource": "OSVDB",
"url": "http://osvdb.org/78196"
},
{
"name": "18341",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18341"
},
{
"name": "78197",
"refsource": "OSVDB",
"url": "http://osvdb.org/78197"
},
{
"name": "clipbucket-multiple-xss(72245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72245"
},
{
"name": "78193",
"refsource": "OSVDB",
"url": "http://osvdb.org/78193"
},
{
"name": "78198",
"refsource": "OSVDB",
"url": "http://osvdb.org/78198"
},
{
"name": "47474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47474"
},
{
"name": "78200",
"refsource": "OSVDB",
"url": "http://osvdb.org/78200"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2250",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2250",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2535",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Security\" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207797",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207797"
},
{
"name" : "1038484",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Security\" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (resource consumption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-6022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BD Kiestra PerformA and KLA Journal Service",
"version" : {
"version_data" : [
{
"version_value" : "BD Kiestra PerformA and KLA Journal Service"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-259"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BD Kiestra PerformA and KLA Journal Service",
"version": {
"version_data": [
{
"version_value": "BD Kiestra PerformA and KLA Journal Service"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name" : "97057",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A hard-coded password issue was discovered in Becton, Dickinson and Company (BD) PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01"
},
{
"name": "97057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97057"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2017/03/06/7",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/03/06/7"
},
{
"name" : "https://codex.wordpress.org/Version_4.7.3",
"refsource" : "MISC",
"url" : "https://codex.wordpress.org/Version_4.7.3"
},
{
"name" : "https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829",
"refsource" : "MISC",
"url" : "https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829"
},
{
"name" : "https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html",
"refsource" : "MISC",
"url" : "https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html"
},
{
"name" : "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/",
"refsource" : "MISC",
"url" : "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8770",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8770"
},
{
"name" : "96602",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96602"
},
{
"name" : "1037959",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96602"
},
{
"name": "1037959",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037959"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8770",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8770"
},
{
"name": "http://openwall.com/lists/oss-security/2017/03/06/7",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/03/06/7"
},
{
"name": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/",
"refsource": "MISC",
"url": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/"
},
{
"name": "https://codex.wordpress.org/Version_4.7.3",
"refsource": "MISC",
"url": "https://codex.wordpress.org/Version_4.7.3"
},
{
"name": "https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829",
"refsource": "MISC",
"url": "https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829"
},
{
"name": "https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html",
"refsource": "MISC",
"url": "https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11274",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in Audio"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d738e60471cca6aa7a0b06a6f5cfb89ad66d1766",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d738e60471cca6aa7a0b06a6f5cfb89ad66d1766"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in Audio"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d738e60471cca6aa7a0b06a6f5cfb89ad66d1766",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d738e60471cca6aa7a0b06a6f5cfb89ad66d1766"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/40b021ba29c8f90ccf7c879fde2580bc73a17e8e",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/40b021ba29c8f90ccf7c879fde2580bc73a17e8e"
},
{
"name" : "https://github.com/radare/radare2/issues/10464",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/10464"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Crash Dump file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/radare/radare2/commit/40b021ba29c8f90ccf7c879fde2580bc73a17e8e",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/commit/40b021ba29c8f90ccf7c879fde2580bc73a17e8e"
},
{
"name": "https://github.com/radare/radare2/issues/10464",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/issues/10464"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14304",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.5096"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Text annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6220."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.5096"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-764",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-764"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Text annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6220."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-764",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-764"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-14658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "keycloak",
"version" : {
"version_data" : [
{
"version_value" : "3.2.1.Final"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack"
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-601"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "3.2.1.Final"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658"
},
{
"name" : "RHSA-2018:3592",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name" : "RHSA-2018:3593",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name" : "RHSA-2018:3595",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14658"
},
{
"name": "RHSA-2018:3592",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"name": "RHSA-2018:3593",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"name": "RHSA-2018:3595",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
}
]
}
}
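Review bot: The `vectorString` under `impact.cvss` is not a parseable CVSS vector on the new side: it still carries the base score in front of the vector (`6.1/CVSS:3.0/...`), and the entry sits in an array nested inside another array. A consumer that passes this string to a CVSS parser, or that expects the flat `cvss` object with a `baseScore` field used by the CVE-2018-15778 record in this same commit, would get no severity for this open-redirect entry and may triage it as unscored. I would write `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"` and carry the score separately as `"baseScore": 6.1`, in a single `cvss` object. The malformed value is identical on both sides of this section, so the synchronisation carries it over rather than introducing it.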


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15201",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15201",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15213",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15213",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15536",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45271",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45271/"
},
{
"name" : "20180821 RESPONSIVE filemanager",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Aug/34"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45271",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45271/"
},
{
"name": "20180821 RESPONSIVE filemanager",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/34"
}
]
}
}


@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2019-02-01T15:39:00.000Z",
"ID" : "CVE-2018-15778",
"STATE" : "PUBLIC",
"TITLE" : "DSA-2019-019: Dell Networking OS10 OS Command Injection Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Dell Networking OS10",
"version" : {
"version_data" : [
{
"version_value" : "10.4.2.1"
}
]
}
}
]
},
"vendor_name" : "Dell"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI)."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "This vulnerability could potentially allow an attacker to execute unexpected, dangerous commands directly on the operating system."
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-02-01T15:39:00.000Z",
"ID": "CVE-2018-15778",
"STATE": "PUBLIC",
"TITLE": "DSA-2019-019: Dell Networking OS10 OS Command Injection Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell Networking OS10",
"version": {
"version_data": [
{
"version_value": "10.4.2.1"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.dell.com/support/article/sln316095/",
"refsource" : "MISC",
"url" : "https://www.dell.com/support/article/sln316095/"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "This vulnerability could potentially allow an attacker to execute unexpected, dangerous commands directly on the operating system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/sln316095/",
"refsource": "MISC",
"url": "https://www.dell.com/support/article/sln316095/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
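Review bot: `version_value` in `affects` names `10.4.2.1` as the affected version, while the description says the flaw is in Dell OS10 versions prior to 10.4.2.1, so the structured data appears to point at the fixed release. Scanners that match on `version_value` alone would flag patched systems and miss the older, vulnerable ones; adding `"version_affected": "<"` beside `"version_value": "10.4.2.1"` would make the range explicit. The `problemtype` value is also an impact sentence rather than a weakness identifier. Since the TITLE says OS Command Injection, `"value": "CWE-78"` looks like the intended entry, to be confirmed against the vendor advisory.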


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15988",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106172"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name": "106172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106172"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sass/libsass/issues/2786",
"refsource" : "MISC",
"url" : "https://github.com/sass/libsass/issues/2786"
},
{
"name" : "106232",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106232"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106232"
},
{
"name": "https://github.com/sass/libsass/issues/2786",
"refsource": "MISC",
"url": "https://github.com/sass/libsass/issues/2786"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20327",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered \"low risk\" due to the nature of the feature it exploits."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/chamilo/chamilo-lms/commit/814049e5bd5317d761dda0ebbbc519cb2a64ab6c",
"refsource" : "MISC",
"url" : "https://github.com/chamilo/chamilo-lms/commit/814049e5bd5317d761dda0ebbbc519cb2a64ab6c"
},
{
"name" : "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues",
"refsource" : "MISC",
"url" : "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered \"low risk\" due to the nature of the feature it exploits."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues",
"refsource": "MISC",
"url": "https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues"
},
{
"name": "https://github.com/chamilo/chamilo-lms/commit/814049e5bd5317d761dda0ebbbc519cb2a64ab6c",
"refsource": "MISC",
"url": "https://github.com/chamilo/chamilo-lms/commit/814049e5bd5317d761dda0ebbbc519cb2a64ab6c"
}
]
}
}