admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:03:51 +00:00
parent 39b2d1d704
commit 451dffe4d3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4244 additions and 4245 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/0xxx/CVE-2002-0114.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020110 Legato Vulnerable",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/249420"
},
{
"name" : "3842",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3842"
},
{
"name" : "legato-nsrd-log-plaintext(7898)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7898.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "legato-nsrd-log-plaintext(7898)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7898.php"
},
{
"name": "20020110 Legato Vulnerable",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/249420"
},
{
"name": "3842",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3842"
}
]
}
}

140
2002/0xxx/CVE-2002-0187.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0187",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka \"Script Injection via XML Tag.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102397345410856&w=2"
},
{
"name" : "20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html"
},
{
"name" : "MS02-030",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka \"Script Injection via XML Tag.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html"
},
{
"name": "MS02-030",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030"
},
{
"name": "20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102397345410856&w=2"
}
]
}
}

170
2002/0xxx/CVE-2002-0357.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020601-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P"
},
{
"name" : "VU#430419",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/430419"
},
{
"name" : "M-087",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/m-087.shtml"
},
{
"name" : "4939",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4939"
},
{
"name" : "834",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/834"
},
{
"name" : "irix-rpcpasswd-gain-privileges(9261)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9261.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020601-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P"
},
{
"name": "M-087",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-087.shtml"
},
{
"name": "irix-rpcpasswd-gain-privileges(9261)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9261.php"
},
{
"name": "4939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4939"
},
{
"name": "VU#430419",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/430419"
},
{
"name": "834",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/834"
}
]
}
}

140
2002/0xxx/CVE-2002-0419.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020305 Considerations for IIS Authentication (#NISR05032002C)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101535399100534&w=2"
},
{
"name" : "4235",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4235"
},
{
"name" : "iis-authentication-error-messages(8382)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8382.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4235"
},
{
"name": "iis-authentication-error-messages(8382)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8382.php"
},
{
"name": "20020305 Considerations for IIS Authentication (#NISR05032002C)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101535399100534&w=2"
}
]
}
}

160
2002/0xxx/CVE-2002-0540.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nortel CVX 1800 is installed with a default \"public\" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020419 Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0272.html"
},
{
"name" : "20020413 Nortel CVX 1800s will dump all local user names and passwords via SNMP",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/267627"
},
{
"name" : "VU#403315",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/403315"
},
{
"name" : "nortel-default-snmp-string(8848)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8848.php"
},
{
"name" : "4507",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4507"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nortel CVX 1800 is installed with a default \"public\" community string, which allows remote attackers to read usernames and passwords and modify the CVX configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020419 Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0272.html"
},
{
"name": "VU#403315",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/403315"
},
{
"name": "20020413 Nortel CVX 1800s will dump all local user names and passwords via SNMP",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/267627"
},
{
"name": "4507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4507"
},
{
"name": "nortel-default-snmp-string(8848)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8848.php"
}
]
}
}

210
2002/1xxx/CVE-2002-1281.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1281",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103712550205730&w=2"
},
{
"name" : "http://www.kde.org/info/security/advisory-20021111-1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20021111-1.txt"
},
{
"name" : "CSSA-2003-012.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-012.0.txt"
},
{
"name" : "MDKSA-2002:079",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-079.php"
},
{
"name" : "RHSA-2002:220",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-220.html"
},
{
"name" : "DSA-204",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-204"
},
{
"name" : "20021114 GLSA: kdelibs",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103728981029342&w=2"
},
{
"name" : "8298",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8298"
},
{
"name" : "kde-rlogin-command-execution(10602)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10602.php"
},
{
"name" : "6182",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6182"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-2003-012.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-012.0.txt"
},
{
"name": "kde-rlogin-command-execution(10602)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10602.php"
},
{
"name": "20021114 GLSA: kdelibs",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103728981029342&w=2"
},
{
"name": "8298",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8298"
},
{
"name": "http://www.kde.org/info/security/advisory-20021111-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20021111-1.txt"
},
{
"name": "MDKSA-2002:079",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-079.php"
},
{
"name": "20021112 KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103712550205730&w=2"
},
{
"name": "DSA-204",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-204"
},
{
"name": "RHSA-2002:220",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-220.html"
},
{
"name": "6182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6182"
}
]
}
}

180
2002/1xxx/CVE-2002-1392.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty",
"refsource" : "CONFIRM",
"url" : "http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty"
},
{
"name" : "CSSA-2003-021.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt"
},
{
"name" : "GLSA-200304-09",
"refsource" : "GENTOO",
"url" : "http://marc.info/?l=bugtraq&m=105154413326136&w=2"
},
{
"name" : "RHSA-2003:008",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-008.html"
},
{
"name" : "RHSA-2003:036",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-036.html"
},
{
"name" : "7302",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7302"
},
{
"name" : "mgetty-faxspool-worldwritable-directory(11070)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mgetty-faxspool-worldwritable-directory(11070)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11070"
},
{
"name": "7302",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7302"
},
{
"name": "RHSA-2003:036",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-036.html"
},
{
"name": "CSSA-2003-021.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt"
},
{
"name": "GLSA-200304-09",
"refsource": "GENTOO",
"url": "http://marc.info/?l=bugtraq&m=105154413326136&w=2"
},
{
"name": "RHSA-2003:008",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-008.html"
},
{
"name": "http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty",
"refsource": "CONFIRM",
"url": "http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty"
}
]
}
}

150
2002/1xxx/CVE-2002-1671.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020112 IE Clipboard Stealing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/250248"
},
{
"name" : "20020115 Re: IE Clipboard Stealing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/250387/2002-10-11/2002-10-17/2"
},
{
"name" : "3862",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3862"
},
{
"name" : "ie-clipboarddata-view-clipboard(7906)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7906"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers to monitor the contents of the clipboard via the getData method of the clipboardData object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3862",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3862"
},
{
"name": "ie-clipboarddata-view-clipboard(7906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7906"
},
{
"name": "20020112 IE Clipboard Stealing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/250248"
},
{
"name": "20020115 Re: IE Clipboard Stealing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/250387/2002-10-11/2002-10-17/2"
}
]
}
}

190
2002/1xxx/CVE-2002-1742.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1742",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phrack.org/show.php?p=58&a=9",
"refsource" : "MISC",
"url" : "http://www.phrack.org/show.php?p=58&a=9"
},
{
"name" : "http://use.perl.org/articles/02/04/09/000212.shtml?tid=5",
"refsource" : "MISC",
"url" : "http://use.perl.org/articles/02/04/09/000212.shtml?tid=5"
},
{
"name" : "20020411 SOAP::Lite hole",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/267051"
},
{
"name" : "FreeBSD-SN-02:02",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A02.asc"
},
{
"name" : "http://www.phrack.com/show.php?p=58&a=9",
"refsource" : "MISC",
"url" : "http://www.phrack.com/show.php?p=58&a=9"
},
{
"name" : "http://www.soaplite.com/",
"refsource" : "MISC",
"url" : "http://www.soaplite.com/"
},
{
"name" : "4493",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4493"
},
{
"name" : "soap-perl-execute-functions(8838)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8838"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary Perl functions by suppling a non-existent function in a script using a SOAP::Lite module, which causes the AUTOLOAD subroutine to trigger."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phrack.org/show.php?p=58&a=9",
"refsource": "MISC",
"url": "http://www.phrack.org/show.php?p=58&a=9"
},
{
"name": "http://use.perl.org/articles/02/04/09/000212.shtml?tid=5",
"refsource": "MISC",
"url": "http://use.perl.org/articles/02/04/09/000212.shtml?tid=5"
},
{
"name": "FreeBSD-SN-02:02",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A02.asc"
},
{
"name": "4493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4493"
},
{
"name": "http://www.phrack.com/show.php?p=58&a=9",
"refsource": "MISC",
"url": "http://www.phrack.com/show.php?p=58&a=9"
},
{
"name": "soap-perl-execute-functions(8838)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8838"
},
{
"name": "20020411 SOAP::Lite hole",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/267051"
},
{
"name": "http://www.soaplite.com/",
"refsource": "MISC",
"url": "http://www.soaplite.com/"
}
]
}
}

140
2002/1xxx/CVE-2002-1987.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1987",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a \"\\..\" (backslash dot dot)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020617 KPMG-2002020: Resin view_source.jsp Arbitrary File Reading",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/277225"
},
{
"name" : "5031",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5031"
},
{
"name" : "resin-viewsource-directory-traversal(9351)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9351.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 allows remote attackers to read arbitrary files via a \"\\..\" (backslash dot dot)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020617 KPMG-2002020: Resin view_source.jsp Arbitrary File Reading",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/277225"
},
{
"name": "5031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5031"
},
{
"name": "resin-viewsource-directory-traversal(9351)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9351.php"
}
]
}
}

140
2002/2xxx/CVE-2002-2132.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021226 Full Disclosure: Windows File Protection Old Security Catalog Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0250.html"
},
{
"name" : "wfp-security-catalogs(10957)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10957.php"
},
{
"name" : "6483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6483"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6483"
},
{
"name": "wfp-security-catalogs(10957)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10957.php"
},
{
"name": "20021226 Full Disclosure: Windows File Protection Old Security Catalog Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0250.html"
}
]
}
}

140
2002/2xxx/CVE-2002-2280.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021120 [OpenBSD] [syslogd] false src-IP when logging to remote syslogd",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0272.html"
},
{
"name" : "6219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6219"
},
{
"name" : "openbsd-syslogd-incorrect-reporting(10702)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021120 [OpenBSD] [syslogd] false src-IP when logging to remote syslogd",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0272.html"
},
{
"name": "openbsd-syslogd-incorrect-reporting(10702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10702"
},
{
"name": "6219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6219"
}
]
}
}

140
2002/2xxx/CVE-2002-2382.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2382",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[freebsd-security] 20021109 Security issue in net/cvsup-mirror port",
"refsource" : "MLIST",
"url" : "http://archives.neohapsis.com/archives/freebsd/2002-11/0011.html"
},
{
"name" : "6150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6150"
},
{
"name" : "cvsup-cvsupd-out-symlink(10610)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10610.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on /var/tmp/cvsupd.out."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6150"
},
{
"name": "[freebsd-security] 20021109 Security issue in net/cvsup-mirror port",
"refsource": "MLIST",
"url": "http://archives.neohapsis.com/archives/freebsd/2002-11/0011.html"
},
{
"name": "cvsup-cvsupd-out-symlink(10610)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10610.php"
}
]
}
}

130
2003/0xxx/CVE-2003-0273.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030508 Fw: [rt-users] [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105240947225275&w=2"
},
{
"name" : "http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html",
"refsource" : "CONFIRM",
"url" : "http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html",
"refsource": "CONFIRM",
"url": "http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html"
},
{
"name": "20030508 Fw: [rt-users] [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105240947225275&w=2"
}
]
}
}

270
2003/0xxx/CVE-2003-0282.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \"..\" sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030509 unzip directory traversal revisited",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105259038503175&w=2"
},
{
"name" : "http://www.info-zip.org/FAQ.html",
"refsource" : "CONFIRM",
"url" : "http://www.info-zip.org/FAQ.html"
},
{
"name" : "CSSA-2003-031.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt"
},
{
"name" : "CLA-2003:672",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672"
},
{
"name" : "DSA-344",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-344"
},
{
"name" : "IMNX-2003-7+-017-01",
"refsource" : "IMMUNIX",
"url" : "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01"
},
{
"name" : "MDKSA-2003:073",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:073"
},
{
"name" : "RHSA-2003:199",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-199.html"
},
{
"name" : "RHSA-2003:200",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-200.html"
},
{
"name" : "CSSA-2003-031.0",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt"
},
{
"name" : "TLSA-2003-42",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.com/security/TLSA-2003-42.txt"
},
{
"name" : "20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105786446329347&w=2"
},
{
"name" : "N-111",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/n-111.shtml"
},
{
"name" : "7550",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7550"
},
{
"name" : "oval:org.mitre.oval:def:619",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619"
},
{
"name" : "unzip-dotdot-directory-traversal(12004)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \"..\" sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030509 unzip directory traversal revisited",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105259038503175&w=2"
},
{
"name": "CLA-2003:672",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672"
},
{
"name": "unzip-dotdot-directory-traversal(12004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12004"
},
{
"name": "http://www.info-zip.org/FAQ.html",
"refsource": "CONFIRM",
"url": "http://www.info-zip.org/FAQ.html"
},
{
"name": "RHSA-2003:199",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-199.html"
},
{
"name": "MDKSA-2003:073",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:073"
},
{
"name": "TLSA-2003-42",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-42.txt"
},
{
"name": "oval:org.mitre.oval:def:619",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619"
},
{
"name": "N-111",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-111.shtml"
},
{
"name": "CSSA-2003-031.0",
"refsource": "CALDERA",
"url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt"
},
{
"name": "7550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7550"
},
{
"name": "CSSA-2003-031.0",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt"
},
{
"name": "20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105786446329347&w=2"
},
{
"name": "RHSA-2003:200",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-200.html"
},
{
"name": "IMNX-2003-7+-017-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01"
},
{
"name": "DSA-344",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-344"
}
]
}
}

280
2005/1xxx/CVE-2005-1761.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1"
},
{
"name" : "DSA-922",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-922"
},
{
"name" : "DSA-1018",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1018"
},
{
"name" : "FLSA:157459-3",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name" : "RHSA-2005:514",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-514.html"
},
{
"name" : "RHSA-2005:551",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-551.html"
},
{
"name" : "RHSA-2005:663",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-663.html"
},
{
"name" : "SUSE-SA:2005:044",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_44_kernel.html"
},
{
"name" : "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea78729b8dbfc400fe165a57b90a394a7275a54",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea78729b8dbfc400fe165a57b90a394a7275a54"
},
{
"name" : "14051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14051"
},
{
"name" : "oval:org.mitre.oval:def:10487",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10487"
},
{
"name" : "ADV-2005-1878",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1878"
},
{
"name" : "1014275",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014275"
},
{
"name" : "18056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18056"
},
{
"name" : "17073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17073"
},
{
"name" : "19369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19369"
},
{
"name" : "17002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17002"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18056"
},
{
"name": "14051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14051"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1"
},
{
"name": "17073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17073"
},
{
"name": "19369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19369"
},
{
"name": "oval:org.mitre.oval:def:10487",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10487"
},
{
"name": "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea78729b8dbfc400fe165a57b90a394a7275a54",
"refsource": "CONFIRM",
"url": "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4ea78729b8dbfc400fe165a57b90a394a7275a54"
},
{
"name": "DSA-1018",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1018"
},
{
"name": "DSA-922",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-922"
},
{
"name": "RHSA-2005:551",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-551.html"
},
{
"name": "1014275",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014275"
},
{
"name": "RHSA-2005:514",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-514.html"
},
{
"name": "17002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17002"
},
{
"name": "SUSE-SA:2005:044",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_44_kernel.html"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name": "RHSA-2005:663",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-663.html"
},
{
"name": "ADV-2005-1878",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1878"
}
]
}
}

230
2009/1xxx/CVE-2009-1073.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090323 CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/03/23/3"
},
{
"name" : "[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/03/24/2"
},
{
"name" : "[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/03/25/3"
},
{
"name" : "[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/03/25/4"
},
{
"name" : "http://launchpad.net/bugs/cve/2009-1073",
"refsource" : "MISC",
"url" : "http://launchpad.net/bugs/cve/2009-1073"
},
{
"name" : "http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813",
"refsource" : "CONFIRM",
"url" : "http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813"
},
{
"name" : "http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806",
"refsource" : "CONFIRM",
"url" : "http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476"
},
{
"name" : "http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322",
"refsource" : "CONFIRM",
"url" : "http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322"
},
{
"name" : "DSA-1758",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1758"
},
{
"name" : "34211",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34211"
},
{
"name" : "34523",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34523"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nss-ldapd before 0.6.8 uses world-readable permissions for the /etc/nss-ldapd.conf file, which allows local users to obtain a cleartext password for the LDAP server by reading the bindpw field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/25/4"
},
{
"name": "[oss-security] 20090323 CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/3"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=520476"
},
{
"name": "34211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34211"
},
{
"name": "http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813",
"refsource": "CONFIRM",
"url": "http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/debian/libnss-ldapd.postinst?r1=795&r2=813"
},
{
"name": "[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/24/2"
},
{
"name": "http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806",
"refsource": "CONFIRM",
"url": "http://arthurenhella.demon.nl/viewvc/nss-ldapd/nss-ldapd/man/nss-ldapd.conf.5.xml?r1=805&r2=806"
},
{
"name": "[oss-security] 20090324 Re: CVE request -- ucd-snmp / net-snmp, libnss-ldapd / nss_ldap",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/25/3"
},
{
"name": "34523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34523"
},
{
"name": "http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322",
"refsource": "CONFIRM",
"url": "http://ch.tudelft.nl/~arthur/nss-ldapd/news.html#20090322"
},
{
"name": "http://launchpad.net/bugs/cve/2009-1073",
"refsource": "MISC",
"url": "http://launchpad.net/bugs/cve/2009-1073"
},
{
"name": "DSA-1758",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1758"
}
]
}
}

180
2012/0xxx/CVE-2012-0118.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name" : "DSA-2429",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2429"
},
{
"name" : "GLSA-201308-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name" : "USN-1397-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name" : "53372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53372"
},
{
"name" : "48250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "48250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48250"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659687"
},
{
"name": "DSA-2429",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2429"
}
]
}
}

170
2012/0xxx/CVE-2012-0264.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0264",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name" : "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource" : "MISC",
"url" : "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
},
{
"name" : "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource" : "CONFIRM",
"url" : "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name" : "https://bugs.op5.com/view.php?id=5094",
"refsource" : "CONFIRM",
"url" : "https://bugs.op5.com/view.php?id=5094"
},
{
"name" : "78066",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/78066"
},
{
"name" : "47344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47344"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78066",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78066"
},
{
"name": "https://bugs.op5.com/view.php?id=5094",
"refsource": "CONFIRM",
"url": "https://bugs.op5.com/view.php?id=5094"
},
{
"name": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/",
"refsource": "CONFIRM",
"url": "http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/"
},
{
"name": "47344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47344"
},
{
"name": "20120107 OP5 Monitor - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Jan/62"
},
{
"name": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf",
"refsource": "MISC",
"url": "http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf"
}
]
}
}

170
2012/0xxx/CVE-2012-0494.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name" : "GLSA-201308-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name" : "USN-1397-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name" : "78375",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78375"
},
{
"name" : "53372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53372"
},
{
"name" : "mysql-serveruns16-dos(72540)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "mysql-serveruns16-dos(72540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72540"
},
{
"name": "78375",
"refsource": "OSVDB",
"url": "http://osvdb.org/78375"
}
]
}
}

150
2012/0xxx/CVE-2012-0584.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2012-03-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name" : "80088",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80088"
},
{
"name" : "1026785",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026785"
},
{
"name" : "48377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "80088",
"refsource": "OSVDB",
"url": "http://osvdb.org/80088"
},
{
"name": "1026785",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026785"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
}
]
}
}

120
2012/0xxx/CVE-2012-0685.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://technet.microsoft.com/en-us/security/msvr/msvr12-001",
"refsource" : "MISC",
"url" : "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001",
"refsource": "MISC",
"url": "http://technet.microsoft.com/en-us/security/msvr/msvr12-001"
}
]
}
}

160
2012/0xxx/CVE-2012-0850.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/01/11"
},
{
"name" : "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/14/4"
},
{
"name" : "http://ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://ffmpeg.org/security.html"
},
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=944f5b2779e4aa63f7624df6cd4de832a53db81b",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=944f5b2779e4aa63f7624df6cd4de832a53db81b"
},
{
"name" : "ffmpeg-sbrqmfsynthesis-dos(78934)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78934"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ffmpeg-sbrqmfsynthesis-dos(78934)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78934"
},
{
"name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/14/4"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=944f5b2779e4aa63f7624df6cd4de832a53db81b",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=944f5b2779e4aa63f7624df6cd4de832a53db81b"
},
{
"name": "http://ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/security.html"
},
{
"name": "[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/01/11"
}
]
}
}

34
2012/1xxx/CVE-2012-1551.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1551",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1551",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2012/1xxx/CVE-2012-1977.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-1977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dsecrg.com/pages/vul/show.php?id=405",
"refsource" : "MISC",
"url" : "http://dsecrg.com/pages/vul/show.php?id=405"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dsecrg.com/pages/vul/show.php?id=405",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=405"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf"
}
]
}
}

210
2012/3xxx/CVE-2012-3160.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3160",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "DSA-2581",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2581"
},
{
"name" : "GLSA-201308-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "RHSA-2012:1462",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name" : "USN-1621-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1621-1"
},
{
"name" : "51309",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51309"
},
{
"name" : "51177",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51177"
},
{
"name" : "53372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53372"
},
{
"name" : "mysqlserver-serverinstallation-info-disc(79394)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79394"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51177"
},
{
"name": "RHSA-2012:1462",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1462.html"
},
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "mysqlserver-serverinstallation-info-disc(79394)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79394"
},
{
"name": "DSA-2581",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2581"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "51309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51309"
},
{
"name": "USN-1621-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1621-1"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

170
2012/3xxx/CVE-2012-3373.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wicket.apache.org/2012/09/06/cve-2012-3373.html",
"refsource" : "CONFIRM",
"url" : "http://wicket.apache.org/2012/09/06/cve-2012-3373.html"
},
{
"name" : "55445",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55445"
},
{
"name" : "85249",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85249"
},
{
"name" : "1027508",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027508"
},
{
"name" : "50555",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50555"
},
{
"name" : "apache-wicket-unspecified-xss(78321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55445"
},
{
"name": "50555",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50555"
},
{
"name": "apache-wicket-unspecified-xss(78321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78321"
},
{
"name": "http://wicket.apache.org/2012/09/06/cve-2012-3373.html",
"refsource": "CONFIRM",
"url": "http://wicket.apache.org/2012/09/06/cve-2012-3373.html"
},
{
"name": "85249",
"refsource": "OSVDB",
"url": "http://osvdb.org/85249"
},
{
"name": "1027508",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027508"
}
]
}
}

150
2012/3xxx/CVE-2012-3691.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}

180
2012/3xxx/CVE-2012-3749.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121101 APPLE-SA-2012-11-01-1 iOS 6.0.1",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html"
},
{
"name" : "http://support.apple.com/kb/HT5567",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5567"
},
{
"name" : "http://support.apple.com/kb/HT5598",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5598"
},
{
"name" : "APPLE-SA-2012-11-01-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html"
},
{
"name" : "APPLE-SA-2013-03-14-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"name" : "56361",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56361"
},
{
"name" : "51445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51445"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56361"
},
{
"name": "51445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51445"
},
{
"name": "http://support.apple.com/kb/HT5567",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5567"
},
{
"name": "APPLE-SA-2012-11-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html"
},
{
"name": "APPLE-SA-2013-03-14-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
},
{
"name": "20121101 APPLE-SA-2012-11-01-1 iOS 6.0.1",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html"
},
{
"name": "http://support.apple.com/kb/HT5598",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5598"
}
]
}
}

140
2012/4xxx/CVE-2012-4154.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-4154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name" : "GLSA-201308-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml"
},
{
"name" : "oval:org.mitre.oval:def:15479",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15479"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15479",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15479"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
}

160
2012/4xxx/CVE-2012-4336.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4336",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120905 Cross-Site Scripting (XSS) Vulnerabilities in Flogr",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-09/0021.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23110",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23110"
},
{
"name" : "55418",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55418"
},
{
"name" : "flogr-index-any-xss(78311)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78311"
},
{
"name" : "flogr-index-xss(78310)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "flogr-index-any-xss(78311)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78311"
},
{
"name": "55418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55418"
},
{
"name": "20120905 Cross-Site Scripting (XSS) Vulnerabilities in Flogr",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0021.html"
},
{
"name": "flogr-index-xss(78310)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78310"
},
{
"name": "https://www.htbridge.com/advisory/HTB23110",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23110"
}
]
}
}

180
2012/4xxx/CVE-2012-4751.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html"
},
{
"name" : "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/",
"refsource" : "CONFIRM",
"url" : "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/"
},
{
"name" : "http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py",
"refsource" : "CONFIRM",
"url" : "http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py"
},
{
"name" : "http://znuny.com/en/#!/advisory/ZSA-2012-03",
"refsource" : "CONFIRM",
"url" : "http://znuny.com/en/#!/advisory/ZSA-2012-03"
},
{
"name" : "openSUSE-SU-2013:0145",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html"
},
{
"name" : "VU#603276",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/603276"
},
{
"name" : "56093",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56093"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0145",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html"
},
{
"name": "56093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56093"
},
{
"name": "http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py",
"refsource": "CONFIRM",
"url": "http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py"
},
{
"name": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/",
"refsource": "CONFIRM",
"url": "http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/"
},
{
"name": "http://znuny.com/en/#!/advisory/ZSA-2012-03",
"refsource": "CONFIRM",
"url": "http://znuny.com/en/#!/advisory/ZSA-2012-03"
},
{
"name": "VU#603276",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/603276"
},
{
"name": "http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html"
}
]
}
}

34
2012/6xxx/CVE-2012-6229.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6229",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6229",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

148
2017/1002xxx/CVE-2017-1002020.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-05-21",
"ID" : "CVE-2017-1002020",
"REQUESTER" : "kurt@seifried.org",
"STATE" : "PUBLIC",
"UPDATED" : "2017-08-10T14:41Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "surveys",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "1.01.8"
}
]
}
}
]
},
"vendor_name" : "Binny V A"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2017-05-21",
"ID": "CVE-2017-1002020",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "surveys",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.01.8"
}
]
}
}
]
},
"vendor_name": "Binny V A"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapidlabs.com/advisory.php?v=193",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"name" : "https://wordpress.org/plugins/surveys/",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/surveys/"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8833",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8833"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8833",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8833"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=193",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=193"
},
{
"name": "https://wordpress.org/plugins/surveys/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/surveys/"
}
]
}
}

130
2017/2xxx/CVE-2017-2306.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"ID" : "CVE-2017-2306",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos Space",
"version" : {
"version_data" : [
{
"version_value" : "versions prior to 16.1R1"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient authorization check leading to code execution"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos Space",
"version": {
"version_data": [
{
"version_value": "versions prior to 16.1R1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10770",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10770"
},
{
"name" : "98772",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98772"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can execute code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient authorization check leading to code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10770",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10770"
},
{
"name": "98772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98772"
}
]
}
}

130
2017/2xxx/CVE-2017-2512.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Sandbox\" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207797",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207797"
},
{
"name" : "1038484",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Sandbox\" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
}
]
}
}

130
2017/2xxx/CVE-2017-2684.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ID" : "CVE-2017-2684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SIMATIC Logon All versions < V1.5 SP3 Update 2",
"version" : {
"version_data" : [
{
"version_value" : "SIMATIC Logon All versions < V1.5 SP3 Update 2"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-592: Authentication Bypass Issues"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2017-2684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC Logon All versions < V1.5 SP3 Update 2",
"version": {
"version_data": [
{
"version_value": "SIMATIC Logon All versions < V1.5 SP3 Update 2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf",
"refsource" : "CONFIRM",
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf"
},
{
"name" : "96208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96208"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-592: Authentication Bypass Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96208"
},
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf"
}
]
}
}

160
2017/6xxx/CVE-2017-6196.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697596",
"refsource" : "CONFIRM",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697596"
},
{
"name" : "GLSA-201708-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201708-06"
},
{
"name" : "96428",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96428"
},
{
"name" : "1037899",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037899",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037899"
},
{
"name": "96428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96428"
},
{
"name": "http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283"
},
{
"name": "GLSA-201708-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-06"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697596",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697596"
}
]
}
}

180
2017/6xxx/CVE-2017-6346.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170228 Linux: packet: fix races in fanout_add() (CVE-2017-6346)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/28/6"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13"
},
{
"name" : "https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b"
},
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "DSA-3804",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3804"
},
{
"name" : "96508",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96508",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96508"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13"
},
{
"name": "[oss-security] 20170228 Linux: packet: fix races in fanout_add() (CVE-2017-6346)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/28/6"
},
{
"name": "DSA-3804",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3804"
},
{
"name": "https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b"
}
]
}
}

140
2017/6xxx/CVE-2017-6702.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco SocialMiner",
"version" : {
"version_data" : [
{
"version_value" : "Cisco SocialMiner"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco SocialMiner",
"version": {
"version_data": [
{
"version_value": "Cisco SocialMiner"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm"
},
{
"name" : "99205",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99205"
},
{
"name" : "1038738",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affected Releases: 11.5(1)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038738",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038738"
},
{
"name": "99205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99205"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-csm"
}
]
}
}

34
2017/7xxx/CVE-2017-7195.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7195",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7195",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

35
2017/7xxx/CVE-2017-7473.json
View File

@ -1,19 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2017-03-10T00:00:00",
"ID" : "CVE-2017-7473",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-7473",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA based off of CNT 3. Further investigation determined that there was a secure method for using the directive. Notes: none."
}
]
}
}

120
2017/7xxx/CVE-2017-7622.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/kings-way/deepinhack/blob/master/dde_daemon_poc.py",
"refsource" : "MISC",
"url" : "https://github.com/kings-way/deepinhack/blob/master/dde_daemon_poc.py"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 through 15.3, runs with root privileges and hardly does anything to identify the user who calls the function through D-Bus. Anybody can change the grub config, even to append some arguments to make a backdoor or privilege escalation, by calling DoWriteGrubSettings() provided by dde-daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kings-way/deepinhack/blob/master/dde_daemon_poc.py",
"refsource": "MISC",
"url": "https://github.com/kings-way/deepinhack/blob/master/dde_daemon_poc.py"
}
]
}
}

256
2017/7xxx/CVE-2017-7754.json
View File

@ -1,130 +1,130 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-7754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "54"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.2"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.2"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read in WebGL with ImageInfo object"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-7754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "54"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.2"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.2"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1357090",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1357090"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/"
},
{
"name" : "DSA-3881",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3881"
},
{
"name" : "DSA-3918",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3918"
},
{
"name" : "RHSA-2017:1440",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1440"
},
{
"name" : "RHSA-2017:1561",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1561"
},
{
"name" : "99057",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99057"
},
{
"name" : "1038689",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038689"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read in WebGL with a maliciously crafted \"ImageInfo\" object during WebGL operations. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read in WebGL with ImageInfo object"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99057"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
},
{
"name": "DSA-3918",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3918"
},
{
"name": "1038689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038689"
},
{
"name": "DSA-3881",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3881"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1357090",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1357090"
},
{
"name": "RHSA-2017:1440",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1440"
},
{
"name": "RHSA-2017:1561",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1561"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-17/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
}
]
}
}

216
2017/7xxx/CVE-2017-7763.json
View File

@ -1,110 +1,110 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-7763",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "54"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.2"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.2"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Mac fonts render some unicode characters as spaces"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-7763",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "54"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.2"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.2"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1360309",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1360309"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/"
},
{
"name" : "99057",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99057"
},
{
"name" : "1038689",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038689"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Default fonts on OS X display some Tibetan characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mac fonts render some unicode characters as spaces"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99057"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1360309",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1360309"
},
{
"name": "1038689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038689"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-17/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
}
]
}
}

34
2018/10xxx/CVE-2018-10009.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10009",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10009",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/10xxx/CVE-2018-10283.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lab.insightsecurity.com.br/clickmania-0day-sql-injection-2/",
"refsource" : "MISC",
"url" : "https://lab.insightsecurity.com.br/clickmania-0day-sql-injection-2/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php id parameter in a recomendar action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lab.insightsecurity.com.br/clickmania-0day-sql-injection-2/",
"refsource": "MISC",
"url": "https://lab.insightsecurity.com.br/clickmania-0day-sql-injection-2/"
}
]
}
}

130
2018/14xxx/CVE-2018-14043.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14043",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then would have access to the data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Monetra/mstdlib/commit/db124b8f607dd0a40a9aef2d4d468fad433522a7",
"refsource" : "CONFIRM",
"url" : "https://github.com/Monetra/mstdlib/commit/db124b8f607dd0a40a9aef2d4d468fad433522a7"
},
{
"name" : "https://github.com/Monetra/mstdlib/issues/2",
"refsource" : "CONFIRM",
"url" : "https://github.com/Monetra/mstdlib/issues/2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then would have access to the data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Monetra/mstdlib/issues/2",
"refsource": "CONFIRM",
"url": "https://github.com/Monetra/mstdlib/issues/2"
},
{
"name": "https://github.com/Monetra/mstdlib/commit/db124b8f607dd0a40a9aef2d4d468fad433522a7",
"refsource": "CONFIRM",
"url": "https://github.com/Monetra/mstdlib/commit/db124b8f607dd0a40a9aef2d4d468fad433522a7"
}
]
}
}

34
2018/14xxx/CVE-2018-14231.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14231",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14231",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14301.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.5096"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Sound annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6217."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.5096"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-761",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-761"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Sound annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6217."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-761",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-761"
}
]
}
}

34
2018/14xxx/CVE-2018-14330.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14330",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14330",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/14xxx/CVE-2018-14334.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/joyplus/joyplus-cms/issues/428",
"refsource" : "MISC",
"url" : "https://github.com/joyplus/joyplus-cms/issues/428"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of control. Consequently, one can upload and execute a .php file, a similar issue to CVE-2018-8766."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/joyplus/joyplus-cms/issues/428",
"refsource": "MISC",
"url": "https://github.com/joyplus/joyplus-cms/issues/428"
}
]
}
}

200
2018/14xxx/CVE-2018-14627.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-14627",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "JBoss/WildFly",
"version" : {
"version_data" : [
{
"version_value" : "14.0.0"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality=\"required\" trust-in-target=\"supported\"/>"
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-319"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "JBoss/WildFly",
"version": {
"version_data": [
{
"version_value": "14.0.0"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name" : "https://issues.jboss.org/browse/WFLY-9107",
"refsource" : "CONFIRM",
"url" : "https://issues.jboss.org/browse/WFLY-9107"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181221-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name" : "RHSA-2018:3527",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"name" : "RHSA-2018:3528",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name" : "RHSA-2018:3529",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3529"
},
{
"name" : "RHSA-2018:3595",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality=\"required\" trust-in-target=\"supported\"/>"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14627"
},
{
"name": "RHSA-2018:3528",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3528"
},
{
"name": "RHSA-2018:3527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3527"
},
{
"name": "https://issues.jboss.org/browse/WFLY-9107",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/WFLY-9107"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181221-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181221-0002/"
},
{
"name": "RHSA-2018:3595",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"name": "RHSA-2018:3529",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3529"
}
]
}
}

130
2018/15xxx/CVE-2018-15495.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/fulldisclosure/2018/Aug/9",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2018/Aug/9"
},
{
"name" : "https://github.com/trippo/ResponsiveFilemanager/blob/master/changelog.txt",
"refsource" : "MISC",
"url" : "https://github.com/trippo/ResponsiveFilemanager/blob/master/changelog.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/trippo/ResponsiveFilemanager/blob/master/changelog.txt",
"refsource": "MISC",
"url": "https://github.com/trippo/ResponsiveFilemanager/blob/master/changelog.txt"
},
{
"name": "http://seclists.org/fulldisclosure/2018/Aug/9",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/9"
}
]
}
}

132
2018/15xxx/CVE-2018-15707.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00",
"ID" : "CVE-2018-15707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Advantech WebAccess",
"version" : {
"version_data" : [
{
"version_value" : "8.3.1 and 8.3.2"
}
]
}
}
]
},
"vendor_name" : "Advantech"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-15707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "8.3.1 and 8.3.2"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45774",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45774/"
},
{
"name" : "https://www.tenable.com/security/research/tra-2018-35",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. An attacker could leverage this vulnerability to disclose credentials amongst other things."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45774",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45774/"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-35",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
}

140
2018/15xxx/CVE-2018-15942.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15942",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader",
"version" : {
"version_data" : [
{
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader",
"version": {
"version_data": [
{
"version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name" : "105439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105439"
},
{
"name" : "1041809",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "105439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105439"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
}
]
}
}

120
2018/20xxx/CVE-2018-20652.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20652",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/syoyo/tinyexr/issues/104",
"refsource" : "MISC",
"url" : "https://github.com/syoyo/tinyexr/issues/104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/syoyo/tinyexr/issues/104",
"refsource": "MISC",
"url": "https://github.com/syoyo/tinyexr/issues/104"
}
]
}
}

130
2018/9xxx/CVE-2018-9550.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2018-9550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-9"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2018-9550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-12-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-12-01"
},
{
"name" : "106137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106137"
},
{
"name": "https://source.android.com/security/bulletin/2018-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-12-01"
}
]
}
}

34
2018/9xxx/CVE-2018-9653.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9653",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9653",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9879.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9879",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9879",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}